EU Internet Law in The Digital Era Regulation and Enforcement

Tatiana-Eleni
Synodinou
Philippe Jougleux · Christiana Markou
Thalia Prastitou Editors
EU Internet
Law in the
Digital Era
Regulation and Enforcement
EU Internet Law in the Digital Era
Tatiana-Eleni Synodinou •
Philippe Jougleux • Christiana Markou •
Thalia Prastitou
Editors
EU Internet Law
in the Digital Era
Regulation and Enforcement
Editors
Tatiana-Eleni Synodinou Philippe Jougleux
Department of Law School of Law
University of Cyprus European University Cyprus
Nicosia, Cyprus Nicosia, Cyprus
Christiana Markou Thalia Prastitou

School of Law School of Law
European University Cyprus European University Cyprus
Nicosia, Cyprus Nicosia, Cyprus
ISBN 978-3-030-25578-7 ISBN 978-3-030-25579-4 (eBook)

https://doi.org/10.1007/978-3-030-25579-4
© Springer Nature Switzerland AG 2020

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of
the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology
now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
The publisher, the authors, and the editors are safe to assume that the advice and information in this book
are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the
editors give a warranty, express or implied, with respect to the material contained herein or for any errors
or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims
in published maps and institutional affiliations.
This Springer imprint is published by the registered company Springer Nature Switzerland AG.
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
Preface
Internet law is a constantly evolving area of law. This is only natural given that the
Internet and the technologies (and services) developed and thriving on it are rapidly
adding up, transforming, amongst others, the way e-commerce is conducted, intel-
lectual property is created (and utilized) and cyber-crime is committed. These con-
tinuous transformations inevitably translate into new legal challenges for policy
makers, lawyers and judges who often find technological innovations puzzling,
necessitating new breeds of regulation and/or sophisticated application of existing
legal rules. In this respect, Internet law is perhaps the most dynamic area of law
about which, there is always something new to explore, discuss or address. The
European Union (EU) legislator continually adopts new legal frameworks, which
could be judged as a frenetic need of intervention to cope with the technological
progress. Interventions exist in the fields of cybercrime (cyber-attacks, internet
security, online fraud, hate speech, child pornography), e-commerce and online
contracts (with emphasis on the protection of consumer), copyright law, data protec-
tion, banking services, etc. The last notable interventions from the EU legislators
with direct implication to internet law (the General Data Protection Regulation
(GDPR) obviously but also the new Directive on Copyright Law in the digital single
market) show that the convergence towards consensus in the field of Internet law
becomes increasingly difficult as the economic and societal interests increase. In the
new Directive on Copyright Law, a clear opposition was visible between the giant
corporations of the internet (sometimes called GAFA), allied to activists militating
against internet regulation (such as eff) and copyright rightholders and content cre-
ators. This opposition could evolve to a war on information.
The exponential increase of legal intervention associated with the rise of con-
flicts of interests and fake news, leads to one consequence: it is vital for the internet
user to possess the conceptual tools to keep control of her destiny. Researches on the
field of internet law answer to this need. This book is the result of the vivid and pas-
sionate discussions that took place during the International Conference “REDA” in
2017, in Cyprus. It explores various topics organised under three basic parts refer-
ring to areas that strongly influence the Internet policy today. The first part of this
book presents the current state of the constantly evolving EU online copyright law.
v
vi Preface
The second part is dedicated to data protection, emerging technologies and digital
challenges that arise nowadays. Finally, the third part of this book presents the prog-
ress of EU law harmonisation in the field of e-commerce and online consumer pro-
tection. Essentially, this book builds upon the previous collective work on EU
Internet law and regulation and aims at taking further the endless discussion on
fundamental issues in areas affecting internet law. These include copyright enforce-
ment, freedom of expression, data protection, cyber-security, net neutrality and con-
sumer protection. Indeed the last 2 years in practice, since the time the previous
relevant collective work had been published, have seen important changes in the
internet-related legal landscape, as well as the rise of new commercial and other
practices in the electronic environment. This latter fact renders this new collective
work on EU internet law even more pertinent.
Initially, copyright has notoriously had its limits continuously challenged, tested
and stretched in the digital era. Accordingly, it should not be considered surprising
that there is a variety of copyright-related issues in the electronic environment to be
addressed by the law. The application of the exhaustion doctrine to intangible copies
of works is one such issue, which has also been the focus of recent case law of the
Court of Justice of the European Union (CJEU) that definitely merits an analysis.
The limits of the ‘lawful use’ of copyrighted works also comprise a fundamental
issue that remains contemporary given the multiple opportunities and the ease of
use of protected works on the internet. The relevant EU legal landscape has also
very recently welcomed a new important addition that is directly relevant to the
digital context, namely the Directive on Copyright in the Digital Single Market.
This brand new legal measure (just passed in April 2019) certainly poses issues
meriting exploration, one of them being the contentious express right of publishers
to the digital uses of their works. The relevant measure of course also affects more
general questions in the area of copyright, such as the complicated relationship
between copyright liability and providers’ liability, privileges and levies. A different
matter relating to copyright refers to the exceptions and limitations to which it is
subject, which are notoriously given a restrictive interpretation. A German reference
to the CJEU for a preliminary ruling seems to challenge this restrictive approach to
copyright exceptions and limitations and highlights a rather tendinous relationship
between copyright protection and respect of human rights as safeguarded by the EU
Charter of Fundamental Human Rights. Another heated topic concerns hyperlinks
(on which the workability of online interfaces basically relies) and the liability
implications of their use to copyright and the rules protecting it. A few years ago,
the CJEU has had the chance to shed light on the said implications concerning the
display of hyperlinks to protected works, and it is very interesting to see how
national legislators and/or courts have responded to (or implemented) the rules laid
down in the relevant CJEU case law. Lastly on copyright, it is well-known that
copyright is not just about economic rights but moral rights too. One such right is
the author’s right of divulgation existing in national legal regimes, such as those of
Germany and France. An inquiry into how this right relates to and/or works with the
economic right regulated at EU level is interesting, as it would shed light on the
need to introduce it in the EU legal regime relating to copyright.
Preface vii
Furthermore, the GDPR has come into force furnishing the world with some
experience in its practical effects, which are worthy of discussion. More generally,
as the digital environment is fueled by data, data-related issues, including data own-
ership, which seems to conflict with open access to data, are always on the forefront,
when it comes to the law of the internet. Such issues necessitate a thorough look not
only at data protection (and the GDPR) but also at other legal rules pertaining to the
protection of trade secrets and intellectual property rights. On the other hand, the
increased commercial exploitation of personal data poses even more serious issues
when the data involved is not only personal but also sensitive data, particularly data
relating to health. The GDPR imposes stricter controls on the use of sensitive data,
namely a prohibition on its processing except on sufficiently-specified grounds.
Even stricter controls, namely a wider prohibition on the commercial use or trade of
personal data may be inspired from the regulatory framework relating to human
parts, if an analogy can be drawn between human parts and sensitive data. Such an
approach obviously greatly upgrades the status and significance of sensitive per-
sonal data.
It is so obvious that internet law is vast. Apart from the aforementioned issues,
there are several more digital challenges that have a place in the particular area.
Cybersecurity for example, obviously goes part and parcel with the internet and
essential services relying on it. Indeed, these have to be secure (or at least, not
totally unsecure) if they are to gain the user trust necessary for them to develop and
thrive. It is probably not incidental that information security has been high in the
agenda of the EU legislator, who has recently produced important relevant work,
including the ENISA Regulation, the Network and Information Security Directive
and the GDPR, which contains security-flavoured provisions. Such new and techni-
cal pieces of legislation merit discussion facilitating their understanding and appli-
cation. This discussion by reference to technologies that can be applied to improve
privacy, security and trust, such as the so-called ‘Trusted Computing’ and can thus
serve as a method of compliance with the law is certainly fruitful. Moreover, the big
issue of net neutrality, essentially calling for the existence of rules akin to fair and
free competition rules but specific to online traffic management conducted by
Internet Service Providers is obviously central to the Internet. It could not have been
more pertinent now, a few years after the EU legislator has passed law seeking to
safeguard neutrality and prevent unfair, discriminatory and anti-competitive prac-
tices that ‘manipulate’ online traffic and effectively, make available a ‘constructed’
version of the internet to businesses and consumer users alike. Finally, even spoilers
of games, movies, TV series, reality shows or competitions, which are widely dis-
seminated on the Internet having both detractors and keen supporters or fans, have
a legal aspect. Indeed, if one inquires into their legality, one will come across
intriguing questions of law relating to trade secrets, freedom of expression and
copyright protection, that deserve to be addressed not so much to satisfy the curios-
ity of spoiler fans but to enlighten lawyers and the holders of the rights in the spoiled
works on their rights or legal position.
Another area of law, namely consumer protection is directly relevant to the inter-
net given the turn of consumers, particularly those belonging to newer generations,
viii Preface
to the online world for shopping and entertaining. E-commerce through social
media (or social commerce) has recently gained a significant boost increasing the
significance of related new commercial practices, as well as consumer risks and
provoking the need for a test application of EU legislation in the area of consumer
protection to the social environment. Additionally, in relation to consumer protec-
tion, the recent Proposal for a Directive on the supply of digital content has now
progressed to the point that is awaiting publication in the official journal of the
EU. Given that the said piece of legislation has come to close an existing regulatory
gap at EU level concerning contracts that have now become commonplace, a discus-
sion of its main provisions and related arising issues is certainly warranted. The
same is true of the most recent initiative of the European Commission, namely two
Proposals for Directives called the ‘New Deal for the Consumers’ aspiring to sig-
nificantly improve the rights of consumers and introduce a route to consumer col-
lective compensation, which is of paramount importance given that the vast majority
of consumer transactions are of small value. The EU legislator has also been active
in the area of alternative dispute resolution regarding consumer disputes in an
attempt to further improve enforcement of substantive consumer rules; how Member
States, such as Cyprus and Greece have taken up the solutions adopted at EU level
in relation to this matter, which seems to have attracted academic interest, is
fascinating.
All of the above issues or questions comprise the subject matter of the different
chapters that make this collective work on Internet law and regulation in the digital
era. Each one of them is the focus of a chapter in this collective work.
More specifically, in Chap. 1, Gerald Spindler deals with the development of
liability rules for copyright infringements regarding internet intermediaries, such as
YouTube or Facebook, and in particular, the intensively debated Article 13 (now
17)—often called “upload filter”. It scrutinizes the legislative process and progress
made, starting from the Commission’s Proposal, moving on to the European
Parliament position and finally to the compromise reached at the end of the Trilogue.
Emphasis is given on the provisions regarding the scope of application of Article 13
(now 17), the application of the right of communication to the public to online ser-
vice providers, data protection issues, the measures to be taken by the providers and
the complaint mechanisms and dispute resolution on the mandatory exceptions and
limitations provided by Article 17. Furthermore, this chapter analyses the develop-
ment of CJEU case law regarding the application of the right of “making available
to the public” to host providers, which, by interpreting broadly the notion of the
public, led to an extension of direct liability. Subsequently, it moves on to an analy-
sis of CJEU case law in relation to the liability of access providers, WiFi hotspots
and the question of injunctions against intermediaries. As Professor Spindler high-
lights, the analysis of the above developments, and mainly the discussions concern-
ing Article 13 (now 17), show that any upload filter or content identification
mechanism implies necessarily data protection issues. Even if the dilemma between
free exchange of ideas, as well as data and anonymity, on one hand, and the protec-
tion of rightholders, on the other, seems prima facie to be unsolvable, a solution
based on the idea of levies should be, according to the author, the preferred option.
Preface ix
This is because users and platforms would benefit from limitations allowing for user
generated content, whilst rightholders could claim adequate levies that will be cal-
culated upon traffic data or statistically monitored use of their works on the
platforms.
In Chap. 2, Tatiana-Eleni Synodinou analyses the concepts of “lawful user”,
“lawful use” and “lawful access” in European copyright law. The author argues that
it is vital to conceive these concepts flexibly to include uses implied by the interpre-
tation of contracts between rightholders and users, in accordance with the standards
of fairness and good faith. Furthermore, it is demonstrated that for the CJEU, the
concept of lawfulness of use is linked to the mens rea of the user, in the sense that
the use will not be lawful if the user was aware—or ought to have been aware—of
the manifestly unlawful nature of the copy of the work reproduced or made avail-
able to the public. A taxonomy of lawful use which consolidates the EU copyright
acquis on lawful use is proposed. The author concludes its chapter by commenting
on the substantial role these notions have to play in the future EU copyright law
policy.
In Chap. 3, Elenora Rosati focuses on the legal issue of linking and copyright.
The author first describes the state of the art on the right of communication to the
public in the European Union, after the seminal cases of SGAE, Svensson and GS
Media and concludes that a lot of ambiguity remains. It therefore refers to the first
national decisions issued in Sweden and Germany, being in practice the national
aftermath of the ruling in GS Media, and demonstrates how diverging national
approaches are related to this ambiguity. This has been particularly the case for the
presumption of knowledge for for-profit link providers, as envisaged in GS Media.
Indeed, a crucial question, which triggered divergent answers is whether the profit-
making intention should be referred to the act of linking as such or to the context in
which the link is provided. Specifically, courts have adopted different approaches to
the presumption of knowledge. This has been particularly the case of Germany,
where courts departed from the strict approach of the GS Media ruling. Indeed,
instead of holding the presumption rebutted in the specific instance considered, they
held against its applicability tout court, on grounds of reasonableness and by plac-
ing significant emphasis on the fundamental rights dimension.
In Chap. 4, Bernd Justin Jutte discusses the topic of copyright law and funda-
mental rights with emphasis on the question of whether fundamental rights might
force more flexibility into the copyright law system. In the author’s view, the
European copyright rules systematically in favour of a dominance of exclusive
rights over permitted uses. Many of such uses are rooted in fundamental rights, but
the limited nature of exceptions and limitations prevents the exercise of fundamen-
tal rights in certain circumstances. In this context, this chapter discusses the pending
preliminary references in the German “Metall auf Metall III”, “Reformistischer
Aufbruch” and “Afghanistan Papiere” cases and their potential relevance for the
legality of Art. 5 of the InfoSoc Directive. As the author highlights, those cases are
of fundamental importance, since the BGH by asking a question, the answer of
which seems to have already been given by secondary legislation, provokes the
CJEU to re-think EU copyright law in lieu of the EU legislator. In Jutte’s view, the
x Preface
Court either has to permit more flexibility within the set of existing rules or suggest
legislative additions to the entire copyright acquis. Furthermore, according to the
author, the Court will have to be careful not to undermine the reliability of existing
copyright law by providing an easily accessible leapfrog procedure with fundamen-
tal rights as its springboard.
In Chap. 5, Maria-Daphne Papadopoulou and Evanthia-Maria Moustaka discuss
about evolutions and perspectives in copyright law and more specifically about the
press publishers right on the internet. According to the authors, the introduction of
an exclusive related right to press publishers for the digital uses of their content
formed a casus belli within a long—term and rather adventurous legislative initia-
tive. This chapter explores in detail various key issues of the new right on press
publications, demonstrating the objectives sought through its establishment, while
analysing the legal and economic background from both sides of this persisting
controversy. Starting off with an interesting discussion on the rationale behind the
new publishers’ right and its key features, this chapter brings forward the two legis-
lative initiatives undertaken at national level, and more importantly, the examples of
Germany and Spain. Moving on, the authors proceed to an in-depth analysis of the
considerable criticism the Proposal has received, as well as the compromise amend-
ments that were later introduced, bringing forward in practice as they interestingly
claim two sides of the same arguments. More importantly in the final part of this
chapter, the final text of the proposed Article 11 (now Article 15) is presented, fur-
ther including the rationale behind and the objectives pursued under its establish-
ment. The authors conclude that copyright in the digital single market Directive is
now a reality consisting of the “world – first legislation” that has recognized the
need to strike a fair balance between conflicting rights and interests in the digital
environment.
In Chap. 6, Branka Marušić provides a comparative analysis of the material
scope of application of the moral right of divulgation and the economic right of
communication to the public in the EU’s digital single market. The aim is to bring
forward arguments why the application of both rights should only be addressed
through the protection afforded by the economic right. In the author’s view, this is
because of the fact that the right of divulgation and the right of communication to
the public share the same trigger point for their application, which is the author’s
choice in sharing her or his work with the public. The author proceeds to a compara-
tive overview of the dualistic and the monistic approach of regulating the right of
divulgation in line with the coexisting economic right of communication to the pub-
lic at EU level. This analysis concentrates on three main issues: what does this right
entail, the exhaustion of this right and the possible conflicts that might occur in a
hypothetical scenario in which both rights can be employed. The first trend is that
jurisdictions that have monistic approach to copyright have both these rights con-
tained in their copyright legislative framework, whereas jurisdictions with dualistic
approach are more inclined to merge these two rights. The author then addresses the
contours of the EU harmonised right of communication to the public. As she pin-
points, this economic right, in the CJEU’s case-law, is viewed through the author’
consent to communicate the work to the public and presumes that the author
Preface xi
c onsented or wanted her or his work to be shared with the public. She then con-
cludes that connecting points of the right of communication to the public and the
right of divulgation can be found. Specifically, such a connecting point is that both
the act of communication and the act of divulging the work require consent of the
author for the right not be infringed. In her view, it is visible that merging of these
concepts and the material scope of application of both economic and moral rights is
more an intuitive step made either by legislators or by the courts.
In Chap. 7, Liliia Oprysk deals with the problematic issue of digital exhaustion
in EU Copyright law. Whereas the topic of “digital” exhaustion is intriguing from
the perspective of copyright law, it is no less thought-provoking in the context of the
internal market. Even before the copyright harmonisation took off, the CJEU used
the principle to facilitate the functioning of the internal market by eliminating the
impediments to the free movement of goods within the EU. This chapter seeks to
place the issue at stake in its broader context. Namely, it discusses whether extend-
ing the applicability of exhaustion to the acts of online dissemination can be of any
assistance in facilitating the free movement of digital goods and services as set out
in the Digital Single Market (DSM) Strategy. As the author pinpoints, given the very
absence of clarity on the application of the principle of exhaustion to acts of online
dissemination under the EU copyright acquis, the answer is not straightforward. As
a reference for a preliminary ruling, on the application of exhaustion to acts of
online dissemination under the EU copyright acquis, has recently reached the CJEU,
in case C-263/18, its copyright aspect is to be clarified in the nearest future. It, how-
ever, remains to be seen how the CJEU in answering this question could contribute
to or interfere with the objectives of the DSM. In conclusion, the author suggests
that the “digital” exhaustion has a potential to advance the DSM. In her view, while
a CJEU ruling affirming the application of the copyright exhaustion online would
contribute to the protection of reasonable consumer expectations, it would not elim-
inate the challenges the DSM is facing in this area in its entirety. Indeed, the copy-
right aspect in isolation would not be capable of resolving the difficulties in a way
comparable to the analogue world. Nonetheless, opting for denying the “digital”
exhaustion altogether could deprive the courts of a powerful instrument for balanc-
ing the divergent objectives of copyright protection.
In Chap. 8, Phillippe Jougleux focuses on the legal framework of “spoilers”
defined as the revelation of elements of a plot of a piece of fiction that the public is
not yet aware of. The author distinguishes between “relative spoilers”, i.e., informa-
tion about an already published work of mind, and “absolute spoilers”, i.e., informa-
tion about a non-published work of mind. In the first part, it is argued that relative
spoilers do not raise any liability as the person who publishes the spoiler is pro-
tected by freedom of expression. However, the question of moderation touches on
sensitive legal issues related to the need to enforce a stronger horizontal effect of
freedom of expression on the Internet. The second part focuses on the “absolute
spoiler” and considers it as a form of information theft that is nowadays regulated
by the Directive on trade secrets. In the third and last part of the chapter, the author
shows how, alternatively, copyright law could be of use in guarding against both
relative and absolute spoilers.
xii Preface
In Chap. 9, Francesco Bartele deals with the topic of data ownership revisited
from a European point of view. He explains that to unleash the potential of new
data-driven opportunities, players in the data market need to have access to large
and diverse datasets and discusses the European Commission’s idea of introducing
a novel right in raw machine-generated data. The author elaborates on the existing
EU acquis on data ownership, deriving from intellectual property rights (namely
copyright and database right), trade secrets, traditional property and factual control
situations derived by data protection laws. These ownership mechanisms are power-
ful. However, they difficulty extend to raw data. Despite this, gaps in law have been
filled through contractual schemes and technological access restrictions that enhance
the ability to control data. The chapter further explores the position of those that
support the idea of a new property right in data and elaborates on the new right
proposed by the European Commission. The author concludes that creating new
monopolies capable of restricting open access to data may result in a threat to the
development of an EU data market and highlights that further economic evidence is
needed before discussing the introduction of such a new right. Indeed, as the author
highlights, the database sui generis right is an accurate example that there is no
room for experimenting new rights, that are in fact very difficult to be reversed once
introduced in the legal system. In his view considering the three characteristics of
big data (namely volume, velocity and variety), it is reasonable to say that in the
data economy, access is more important than property in the data. In this context,
alternative solutions should be explored, such as sector-based access against remu-
neration. Meanwhile, the Commission can also support industry by promoting con-
tractual models, standardization agreements and standardised tools that allow
access, processing, collection and interoperability of data.
In Chap. 10, Ioannis Iglezakis, discusses about net neutrality: chances and chal-
lenges in the information age. After defining the term “net neutrality”, this term’s
rationale is brought forward. As the author explains, rules on net neutrality are
important because they are purported to maintain the open character of the internet
and allow internet users to gain access to online content and services without any
discrimination and hindrance from service providers. The main part of this chapter
is devoted to the various regulatory models that are currently in place in the U.S. and
the EU regarding this issue. Starting off with the US, the author focuses on the FCC
Restoring Internet Freedom Order, which replaced the Open Internet Rules, and its
application in practice. More importantly in relation to the EU, the author proceeds
to an interesting analysis and discussion of EU Regulation 2015/2120, laying down
measures concerning open internet access and amending Directive 2002/22/EC,
which was adopted with a view to safeguard equal and non-discriminatory treat-
ment of traffic in the provision of internet access services and related users’ right.
The author concludes that in contrast to the developments in the U.S., the EU
appears determined to maintain and enforce the rules on network neutrality. As he
explains, these rules apply since April 2016, and as a result, national regulatory
authorities have assumed responsibility to assess traffic management and commer-
cial practices to effectively enforce this EU Regulation.
Preface xiii
In Chap. 11, Evangelia Vagena and Petros Ntellis present the latest developments
in EU cybersecurity legislation and their implementation in the Greek legal system.
As the authors state, cybersecurity is a top priority and a necessary condition for the
EU’s Digital Single Market. More specifically, after providing a brief definition of
cybersecurity, as well as the overall interest of the EU in legislating in the area of
cybersecurity, the authors proceed to an interesting discussion of various cyber
threats including inter alia the denial of services, ransomware, hacktivism, as well
as financial costs. More importantly, the authors bring forward the “Lecpetex” case
as an illustrative example of the cost of cybercrime in Greece. The main part of this
chapter is devoted in discussing various cybersecurity legislation initiatives at both
international/European, as well as national, Greek, level. The authors begin their
analysis with a brief presentation of the Convention on Cybercrime while discus-
sion is mostly focused on important legislative initiatives on EU cybersecurity pol-
icy, as well as on EU key players in this area of law such as ENISA and the European
Cybercrime Centre. This part brings additionally forward the Greek cybersecurity
framework and its key players. The last part of this chapter focuses on cybersecurity
and data protection that as the authors interestingly claim are often two sides of the
same coin. The authors conclude that although the new institutional instruments are
necessary for the prosecution of cybercrime, the most decisive factor for reducing
the perpetration of crimes of this kind is prevention.
In Chap. 12, Arno Lodder and Anna de Hingh observe that the datafication and
commercialisation of human existence affects human privacy and other more intrin-
sic human virtues. They explore bio-medical regulations prohibiting the trade of
human body parts and examine data processing practices in the light of the principle
against commercialisation contained therein to see whether an analogy could be
plausible. More specifically, the authors argue that an analogy between data pro-
cessing and human part trade could assist in the development of a new approach
towards what constitutes unacceptable commercial use of personal data, possibly
leading to a prohibition upon such processing. According to them, the notion of
human dignity can act as a constraint justifying such a strict approach, which can
result in more future-proof data protection regulation.
In Chap. 13, Yianna Danidou highlights the recent technological advancements
focusing on the protection of users’ security, trust and privacy. She points out, how-
ever, that the legal framework seemed unprepared to shield users against sophisti-
cated cyberattacks, which is what prompted the EU to enhance network and
information security, as well as data protection, through the introduction of the
GDPR and the Network and Information Security Directive (NIS). The author puts
major emphasis on Trusted Computing (TC), namely a technology that aims to pro-
tect the user and his privacy, as well as the integrity of her machine or device.
According to the author, to defeat security threats, what is needed are “networks of
security” rather than isolated security solutions and “gated communities”. The
chapter argues that technologies like TC can be used to build secure networks and if
adopted by Critical Infrastructures (CIs), to avoid cascade effects in interdependent
CIs, as well as to standardise components, thereby complying with EU cybersecu-
rity framework.
xiv Preface
In Chap. 14, Paula Giliker analyses why has it proven so difficult to introduce a
directive on contracts for the supply of digital content. As she interestingly claims,
the saga of this Directive is one that highlights the real difficulties of legislating in
the digital age. After explaining what does the notion “contracts for the supply of
digital content” means and why is legal intervention needed, the author analyses the
2015 legislative initiative and answers to the question of whether this proposal
formed a step forward. The main part of this chapter interestingly identifies four
main reasons why the introduction of the Directive had been delayed, these being
the impact of the (Online) Sale of Goods directive, the problem of engaging with
new technology, maximum harmonisation and time limits and seeks to identify les-
sons that may be learnt from this troubled journey. The author finally draws atten-
tion to the adoption of the Directive in April 2019 this being, as she states, an Easter
surprise, bearing in practice all the hallmarks of a compromise. The author con-
cludes inter alia that drafting legislation in a fast-moving area of law is never going
to be easy. Yet, failure to implement on time legislation in an area of law where there
is a clear demand for intervention should make us pause and reflect. Recognition is
needed that innovation requires consultation to bring stakeholders on board, that
national sensitivities need to be appreciated, that the more ambitious the project the
more likely approval cannot be guaranteed and that care must be taken in the draft-
ing process.
In Chap. 15, Christine Riefa notes the turn of individuals and businesses to social
media platforms to sell goods and services, thereby engaging in the so-called social
commerce, which seems to be a rising breed of online commerce. As the author
explains, social commerce combines e-commerce features with the rich social inter-
action enabled by social media and in practice user trust is central to its develop-
ment and flourishing. However, social media entail the risk of fraud, as not all users
are honest and reliable, something that means that consumers may be exposed to
scams that undermines their confidence. The author looks into how consumer goods
are being advertised and sold on social media and highlights interesting issues with
consumer protection laws. Having illustrated the relevant risks, the author examines
various ways in which user protection can be improved, such as self-regulation,
intermediary liability, collective actions and public enforcement. She concludes that
public enforcement is the most suitable tool to address consumer risks in the context
of social commerce, although improvements are necessary to improve its effective-
ness especially in cross-border situations.
In Chap. 16, Thalia Prastitou-Merdi looks into the 2018 New Deal on better
enforcement and modernisation of EU consumer law and answers to the question of
whether this forms an actually good digital deal. More specifically, the author, after
providing some background information as to how the Commission found its way
to this New Deal, proceeds to an interesting analysis of the four fundamental
changes brought forward by one of the two legislative proposals contained therein,
regarding in general the modernisation and digitalisation of European consumer
protection rules, aiming to shed light on the question of whether this legislative
initiative improves or not the substance of EU consumer protection legislation.
More specifically, this chapter focuses on consumer access to individual remedies
Preface xv
for unfair commercial practices, simplifications for businesses, transparency

requirements for online marketplaces and the addition of ‘free’ digital services to
the scope of the Consumer Rights Directive. The author concludes her analysis by
claiming that several of the provisions of this legislative initiative must be rethought
both from an approach, as well as from a content perspective before becoming offi-
cial EU legislation.
In Chap. 17, Anna Plevri discusses about Alternative Dispute Resolution (ADR)
and in particular about Online Dispute Resolution (ODR), as an alternative dispute
resolution method relying on technology and most importantly occurring online.
The author explains how this new online platform, launched by the European
Commission in early 2016 (where consumers and traders can resolve disputes aris-
ing of online purchases), works. According to Plevri, the ODR platform offers a
single point of entry that allows consumers and traders across the EU to settle their
disputes arising from both domestic and cross-border online purchases. The chapter
presents the legal framework of the ODR platform, namely EU Regulation 524/2013,
regarding online resolution of consumer disputes, as well as Directive 2013/11/EU
for consumer disputes, which are closely inter-related. The author proceeds addi-
tionally to an interesting comparison of the Cypriot ADR and ODR framework vis
a vis its Greek counterparts and furthermore examines how EU consumers are or
could be aided by ODR when it comes to consumer disputes in comparison to the
traditional court proceedings. The author concludes that there are in practice impor-
tant advantages associated with alternative dispute resolution.
There is definitely a lot in this book at the disposal of the eager reader fascinated
by EU internet law (or one or more of the areas falling within it). Doubtless, each
collective attempt such as the one mirrored in this book adds significantly to the
knowledge of the vast Internet law and often, triggers further research and addi-
tional valuable work on the subject. It is hoped that this will be the case in relation
to this book too and that the reader will enjoy it as much as the editors have, in the
process of putting it together.
Nicosia, Cyprus Tatiana-Eleni Synodinou

Nicosia, Cyprus Philippe Jougleux
Nicosia, Cyprus Christiana Markou
Nicosia, Cyprus Thalia Prastitou
Contents
Part I Copyright Law and the Internet

1 Copyright Law and Internet Intermediaries Liability �� 3
Gerald Spindler
2 Who Is a Lawful User in European Copyright Law? From
a Variable Geometry to a Taxonomy of Lawful Use �� 27
Tatiana-Eleni Synodinou
3 Linking and Copyright: Easier at Last? First National
Applications of the CJEU GS Media Judgment�� 61
Eleonora Rosati
4 Forcing Flexibility with Fundamental Rights: Questioning
the Dominance of Exclusive Rights�� 79
Bernd Justin Jütte
5 Copyright and the Press Publishers Right on the Internet:
Evolutions and Perspectives�� 99
Maria-Daphne Papadopoulou and Evanthia-Maria Moustaka
6 Author’s Right to Choose: Right of Divulgation in the Online
Digital Single Market of the EU �� 137
Branka Marušić
7 “Digital” Exhaustion and the EU (Digital) Single Market�� 161
Liliia Oprysk
Part II Emerging Technologies and New Digital Challenges

8 Spoilers Under European Internet Law�� 183
Philippe Jougleux
9 Data Ownership in the Data Economy: A European Dilemma �� 199
Francesco Banterle
xvii
xviii Contents
10 Net Neutrality: Chances and Challenges in the Information Age �� 227
Ioannis Iglezakis
11 Cybersecurity Legislation: Latest Evolutions in the EU and Their
Implementation in the Greek Legal System�� 239
Evangelia Vagena and Petros Ntellis
12 The Role of Human Dignity in Processing (Health) Data Building
on the Organ Trade Prohibition �� 261
Anne E. de Hingh and Arno R. Lodder
13 Trusted Computing Initiative on the Spectrum of EU
Cyber-Security Legal Framework�� 277
Yianna Danidou
Part III E-commerce and Online Consumer Protection

14 Adopting a Smart Approach to EU Legislation: Why Has
It Proven So Difficult to Introduce a Directive on Contracts
for the Supply of Digital Content?�� 299
Paula Giliker
15 Consumer Protection on Social Media Platforms: Tackling
the Challenges of Social Commerce �� 321
Christine Riefa
16 The 2018 New Deal on Better Enforcement and Modernisation
of EU Consumer Law: An Actually Good Digital Deal?�� 347
Thalia Prastitou Merdi
17 Alternative Dispute Resolution (ADR) & Online Dispute
Resolution (ODR) for EU Consumers: Τhe European and Cypriot
Framework �� 367
Anna Plevri
Contributors
Francesco Banterle Hogan Lovells Studio Legale, Milan, Italy

Yianna Danidou School of Sciences, European University Cyprus, Nicosia,
Cyprus
Anne E. de Hingh Faculty of Law, Internet Law, Vrije Universiteit Amsterdam,
Amsterdam, Holland
Paula Giliker Comparative Law, School of Law, University of Bristol, Bristol, UK
Ioannis Iglezakis Faculty of Law, Aristotle University of Thessaloniki,
Thessaloniki, Greece
Philippe Jougleux School of Law, European University Cyprus, Nicosia, Cyprus
Bernd Justin Jütte School of Law, University of Nottingham, Nottingham, UK
Vytautas Magnus University, Kaunas, Lithuania
Arno R. Lodder Department Transnational Legal Studies, Center for Law and
Internet, Vrije Universiteit Amsterdam, Amsterdam, Holland
Branka Marušić Department of Law, Stockholm University, Stockholm, Sweden
Evanthia-Maria Moustaka Legal Department, Hellenic Copyright Organization,
Athens, Greece
Petros Ntellis Athens, Greece
Liliia Oprysk IT Law Programme, University of Tartu, Tartu, Estonia
Maria-Daphne Papadopoulou Legal Department, Hellenic Copyright Organization,
Athens, Greece
Anna Plevri School of Law, University of Nicosia, Nicosia, Cyprus
Thalia Prastitou Merdi Comparative Law, School of Law, European University
Cyprus, Nicosia, Cyprus
xix
xx Contributors
Christine Riefa Brunel Law School, College of Business, Arts and Social Sciences,
Uxbridge, UK
Eleonora Rosati Law Department, Stockholm University, Stockholm, Sweden
Gerald Spindler Department of Civil Law, Commercial and Economic Law,
Comparative Law, Multimedia and Telecommunication Law, University of
Göttingen, Göttingen, Germany
Tatiana-Eleni Synodinou Department of Law, University of Cyprus, Nicosia,
Cyprus
Evangelia Vagena Information Technology Law, Computer Engineering &
Informatics Department, University of Patras, Patras, Greece
CIPP/E, Brussels, Belgium
Part I
Copyright Law and the Internet
Chapter 1
Copyright Law and Internet
Intermediaries Liability
Gerald Spindler
Abstract The chapter deals with the development of liability for copyright infringe-
ments of internet intermediaries, such as platforms like YouTube or Facebook, in
particular the hotly debated Art. 13 (now 17)—often called “upload filter”. The
chapter scrutinizes the way from the Commission’s proposal to the European
Parliament and finally the final compromise reached at the end of the Trilogue,
which has to be voted in the EP still.
1 Introduction
Since digitalization and internet have revolutionized the world, copyright law has
become one of the major topics in legal science as every step in the chain of up- and
downloading something to/from the internet touches upon copyrights, such as the
reproduction right or the right of making available to the public (Art. 2 and 3
InfoSoc-Directive1). On the other side, intermediaries have quickly been exempted
from liability (and criminal responsibility) to not hamper exchange and data traffic.
Since the Digital Millennium Copyright Act (DMCA) in the U.S. and the
E-commerce-Directive2 in the EU (Art. 12–15) have been introduced, access pro-
viders and host providers are largely freed of any liability (under certain
conditions).
According to the claims of the Intellectual Property (IP) Industry such as Music
or Movie Associations, the rise of file-sharing, user-generated content, and exchange
1
Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the
harmonization of certain aspects of copyright and related rights in the information society, OJ L
167/10.
2
Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain
legal aspects of information society services, in particular electronic commerce, in the Internal
Market, OJ L 178/1 (Directive on electronic commerce).
G. Spindler (*)
University of Göttingen, Göttingen, Germany
e-mail: gspindl@gwdg.de
© Springer Nature Switzerland AG 2020 3

T.-E. Synodinou et al. (eds.), EU Internet Law in the Digital Era,
https://doi.org/10.1007/978-3-030-25579-4_1
4 G. Spindler
of copyrighted material on platforms led to dramatic economic losses in sale, etc.

On the other side, the success of platforms such as YouTube, which uses user gener-
ated content to make money from advertisement (mostly even inserted in the video,
etc.), raised claims by copyright holders that they do not benefit adequately from the
generated profits. Rightholders often claim that music or other copyrighted material
is being used by YouTube users without any license, while still generating profits for
YouTube. The IP-industry labelled this discrepancy as the so-called “Value Gap”.
The EU-Commission wanted (and wants) to react on the new developments,
which were not foreseeable at the time when the InfoSoc-Directive was adopted.
The so-called Digital Single Market package (DSM-package) contains a lot of heav-
ily disputed modifications to the InfoSoc-Directive of which only some can be dis-
cussed here. The focus shall mainly be on Art. 13 of the proposed Copyright
Directive3 which refers to the “Value Gap” and upload filters (Sect. 2). Moreover,
the Court of Justice of the European Union (CJEU) adds growing details to a new
concept of how the right to make available to the public (Art. 3 InfoSoc-Directive)
can be understood, thus, blurring the traditional lines between contributory and
direct liability in cases of hyperlinks, etc. (Sect. 2.4). Finally, we will address some
upcoming issues of injunctions against WiFi- and Hotspot-Providers, as well as
access providers, which have been stirred up by national legislators such as enshrined
in the last German act on telemedia law envisaging to exempt WiFi-Providers from
any kind of liability (Sect. 3). The chapter will be terminated by an outlook towards
the opaque relationship between anonymity and liability (Sect. 4).
2 A
rt. 13 (Now 17) DSM—Proposal: To Filter
Uploads or Not?
The so-called “Value Gap” provoked different proposals, ranging from royalties or
fees to be paid by the platform operator (cf. below Sect. 4) up to an unrestricted
liability of platforms for user generated content. Under the existing legal frame-
work, the focus lies upon the question whether platform operators such as YouTube
can still be qualified as “neutral” operators, in the sense of the decision of the CJEU
in the case L’Oreal/ebay.4 In the light of this discussion, the Commission, Comité
des représentants permanents (COREPER) as the body of Member States, and the
European Parliament (EP) each presented different proposals for a new Art. 13
Copyright Directive amending the InfoSoc-Directive. Art. 13 of the Copyright
Directive aims at establishing obligations for platform operators to monitor content
that is uploaded by users to ensure compliance with copyrights of authors, etc.,
3
Proposal for a Directive of the European Parliament and of the Council on copyright in the Digital
Single Market COM (2016) 593 final.
4
CJEU, L’Oréal SA v eBay International AG and Others, Case C-324/09, Judgment of 12 July
2011, paras. 113, 116; See also CJEU, Google SARL v Louis Vuitton Malletier SA and Others, Case
C-236/08, Judgment of 23 March 2010, paras.. 114, 120.
1 Copyright Law and Internet Intermediaries Liability 5
while encouraging the users to obtain licences from rightholders, thus “closing” the
“Value Gap”.
2.1 Commission Proposal
The Commission’s proposal refers to “information society service providers that

store and provide to the public access to large amounts of works and other subject-
matter uploaded by their users”5—thus clearly aiming at user generated content
platforms such as Facebook or YouTube. However, the definition is quite opaque as
it is unclear whether non-commercial providers, for instance Wikipedia or universi-
ties with electronic platforms for their students, are also covered. Moreover, the
relation to Art. 14 of the E-commerce-Directive is not clarified.
The Commission wants to oblige providers “to ensure the functioning of agree-
ments concluded with rightholders for the use of their works or other subject-matter
or to prevent the availability on their services of works or other subject-matter iden-
tified by rightholders through the cooperation with the service providers”.6 The con-
tent ID-technique developed by YouTube obviously served as a blueprint for such
measures, the Commission explicitly refers to “effective content recognition” (Art.
13.1 Copyright Directive).
However, the Commission also realizes the danger for free communication
implied in such techniques as these can easily hinder free flow of information, for
instance if algorithms are not able to distinguish between infringement of copyright
and lawful use of the copyrighted material such as citations or satire. The Commission
tries to cope with this issue by obliging providers to introduce complaint and redress
mechanisms for users (Art. 13.2 Copyright Directive). Nevertheless, it is debatable
whether these procedures will outweigh the automated blocking of content.
2.2 COREPER
Prepared by the Estonian presidency and finally finished by the Bulgarian presi-
dency, COREPER presented a largely modified proposal of Art. 13 Copyright
Directive.7 The proposal clarifies in Art. 13.1 Copyright Directive that these “online
content sharing service provider” perform an act of communication to the public or
making available to the public. Thus, the COREPER proposal defines the acting of
providers as an extension of the right to make available to the public—even though
the content was uploaded by a third party; by that means the safe harbor privilege of
5
COM (2016) 593 final, p. 29.
6
Ibid.
7
Single Market—Agreed negotiating mandate of 25.5.2018, ST 9134 2918 INIT.
6 G. Spindler
Art. 14 of the E-commerce-Directive will not be applicable anymore, which is

affirmed by Art. 13.2 of the Copyright Directive of the COREPER proposal. As we
will see, this reasoning is somehow in line with the recent decisions of the CJEU
that tends to enlarge the scope of the notion “making available to the public”.8
In contrast to the Commission’s proposal, COREPER tries to define the border-
lines of “online content sharing service provider” in Art. 2.5 of the Copyright
Directive and Recital 37a by requiring that such a provider is one that encompasses
providers whose “main or one of the main purposes … is to provide access to a large
amount of copyright-protected content uploaded by their users with the purpose of
obtaining profit therefrom, either directly or indirectly, by organizing it and promot-
ing it in order to attract more audiences”.
According to Recital 37a, organizing and promoting content “(…) involves for
example indexing the content, presenting it in a certain manner and categorising it,
as well as using targeted promotion on it”.
On the other side, the COREPER proposal seeks to exclude those providers “(…)
whose main purpose is not to provide access to copyright-protected content with the
purpose of obtaining profit from this activity, (…) including internet access provid-
ers, as well as providers of cloud services which allow users, to upload content for
their own private use, such as cyberlockers, or online marketplaces whose main
activity is online retail and not giving access to copyright protected content.”
Moreover, non-commercial providers also seem to be excluded from the notion
of “the online content sharing service provider” as Recital 37a states: “Nor does this
definition cover websites which store and provide access to content for non-for-
profit purposes, such as online encyclopaedias, scientific or educational repositories
or open source software developing platforms which do not store and give access to
content for profit making purposes.”
On the other side, such websites which are more or less dedicated to the promo-
tion of copyright privacy should neither benefit from the safe harbor privileges laid
down in Art. 13 Copyright Directive of the COREPER proposal.
Thus, Art. 13.1 of the Copyright Directive of the COREPER version obliges the
“online content sharing service provider” either to obtain licences from rightholders
(which then also includes the permission for users to make use of the copyrighted
works (Art. 13.1 Copyright Directive) or to introduce measures which are specified
in Art. 13.4 of the Copyright Directive to prevent the availability of unauthorized
works. Following the approach of the Commission, the COREPER proposal also
specifies the providers’ obligations by granting a safe harbor privilege only if “it
demonstrates that it has made best efforts to prevent the availability of specific
works or other subject matter by implementing effective and proportionate mea-
sures, (…) to prevent the availability on its services of the specific works or other
subject matter identified by rightholders and for which the rightholders have pro-
vided the service with relevant and necessary information for the application of
these measures.”
Cf. below Sect. 2.5.1.

8
Moreover, Art. 13.4 of the Copyright Directive repeats the notice-and-take-down

mechanism of Art. 14 of the E-commerce-Directive by requiring the provider to
remove or disable access to works upon notification by rightholders of works or
other subject matter. However, going beyond Art. 14 of the E-commerce-Directive,
the provider also has to demonstrate “that it has made its best efforts to prevent their
future availability through the measures referred to (…)”, thus implementing a
notice-and-stay-down requirement. Furthermore, the fine tuning of these obliga-
tions is supposed to depend upon the size of the enterprise as Art. 13.5 of the
Copyright Directive of the COREPER-Proposal explicitly refers i.a. to
microenterprises.
Concerning limitations and exceptions, the COREPER proposal follows the
Commission’s approach by asking providers to implement complaint and redress
procedures in a detailed manner (such as decisions in due time, obligations for
rightholders to justify their requests to block access, and independent bodies to
assess complaints).
2.3 The Battle in the EP and the Final Vote
Parallel to the discussions inside COREPER, the European Parliament entered into
heated debates about the Copyright Package, which (after a preliminary report by
Comodini Cachia9) resulted in the Voss-Report,10 which was adopted in 2018 with a
slight majority in the committee on legal affairs (JURI). However, as a surprise, the
EU parliament first did not accept the Voss Report and turned it down; only after a
second vote at 12.9.2018 the EU parliament accepted most of the elements/amend-
ments proposed by the (modified) Voss Report.11
The Voss Report also seeks to extend the liability of platform providers by intro-
ducing several notions or amending the Commission’s proposal12—in contrast to
the preceding report of Comodini Cachia who wanted to stick to the definitions and
safe harbor privileges of the E-commerce-Directive.13 Most of the suggestions fol-
low the same approach taken by COREPER, such as declaring the activities of
“information society service providers”, which store or provide public access to
9
Therese Comodini Cachia, Draft Report for the Committee on Legal Affairs on the proposal for a
directive of the European Parliament and of the Council on copyright in the Digital Single Market
COM(2016)0593 – C8-0383/2016 – 2016/0280(COD)), 2016/0280COD of 10.3.2017.
10
Αxel Voss, Report on the proposal for a directive of the European Parliament and of the Council
on copyright in the Digital Single Market (COM(2016)0593 – C8-0383/2016 – 2016/0280(COD)),
A8-0245/2018 of 29.6.2018.
11
Amendments adopted by the European Parliament on 12 September on the proposal for a direc-
tive of the European Parliament of the Council on copyright in the Digital Single Market
(COM(2016)0593 – C8-0383/2016 – 2016/0280(COD)), P8_TA(2018)0337.
12
Voss Report, see e.g. Amendment 78.
13
See Explanatory Statement of the Comodini Cachia Report concerning Art. 13.
8 G. Spindler
work uploaded by their users, an act of communication to the public.14 As a refer-

ence to the decisions of the CJEU, in particular in the L’Oreal case, the Voss Report
and the EP vote follow the Commission’s proposal by declaring the activities of
“online sharing services” to go beyond the borderline of “mere provision of physi-
cal facilities”.
2.3.1 The Definition of “Online Content Sharing Service Provider”
One of the most worrying elements of Art. 13 referred to the scope, in particular to
the definition, of services targeted by the new provision. The Voss Report finally
carved a new definition called “online content sharing service provider”, which the
EP followed grosso modo by introducing an Art. 2.4(b)15: ‘online content sharing
service provider’ means a provider of an information society service one of the
main purposes of which is to store and give access to the public to a significant
amount of copyright protected works or other protected subject-matter uploaded by
its users, which the service optimises and promotes for profit making purposes.
Microenterprises and small-sized enterprises within the meaning of Title I of the
Annex to Commission Recommendation 2003/361/EC and services acting in a non-
commercial purpose capacity such as online encyclopaedia, and providers of online
services where the content is uploaded with the authorisation of all right holders
concerned, such as educational or scientific repositories, shall not be considered
online content sharing service providers within the meaning of this Directive.
Providers of cloud services for individual use which do not provide direct access to
the public, open source software developing platforms, and online market places
whose main activity is online retail of physical goods, should not be considered
online content sharing service providers within the meaning of this Directive;
This definition is flanked by new recitals such as the new 37a,16 repeating more
or less the complex definition of Art. 2.4(b).
Thus, only commercial activities are concerned, and even within this range,
some business models are exempted such as open source development platforms or
online market places, etc. Moreover, Art. 2.4(b) (and the Voss Report) clarifies that
online encyclopedias or platforms for scientific purposes, etc. are not touched by the
Art. 2.4(b), in particular not Wikipedia. However, in contrast to the Voss Report,
which did not provide any such provision, the EP wants to exempt also microenter-
prises from Art. 13.
14
Here, as well, the Comodini Cachia Report took no stance.
15
P8_TA(2018)0337, Amendment 150.
16
Ibid, Amendment 143.
2.3.2 A
rt. 13 (17): The Complex Triangle of Rightholders, Providers,
and Users
Concerning Art. 13 (now 17) itself, the EP also followed very closely the Voss
Report proposals, with some slight deviations:
Act of Communication to the Public The first key element of the proposed new
Art. 13.117 consists in stating explicitly that online content sharing providers per-
form an act of communication to the public—thus following the COREPER
approach and to some extent the CJEU decisions in the cases Filmspeler and Pirate
Bay.18 Hence, these providers cannot claim any more for safe harbor privileges
according to Art. 14 E-Commerce-Directive as they are infringing directly copy-
rights. Art. 13.1 calls providers to conclude licensing agreements with
rightholders.
One important clarification by the EP and the Voss Report—somehow in contrast
to COREPER—refers to the consequences of concluded license agreements: Such
license agreements should exclude liability of non-commercial users—which would
not be the case under InfoSoc-Directive and the case law of the CJEU which just
provides for differences in assumptions of knowledge concerning commercial and
non-commercial users like in the GS media case.19
Some new recitals correspond to this provision such as Recital 3820 proposed by
the EP, which lays stress on the obligation of providers to “take appropriate and
proportionate measures to ensure protection of works or other subject-matter, such
as implementing effective technologies.”
Quite remarkable and somehow opaque is the statement of the EP in the same
recital that “this obligation should also apply when the information society service
providers are eligible for the liability exemption provided in Article 14 of Directive
2000/31/EC.”
In some contrast to the proposal of the Voss Report (Recital 38), which draw a
clear line between Art. 14 of the E-commerce-Directive and the envisage online
content sharing service providers by stating that these providers do not anymore
play a passive role rather than active and thus do not fall under Art. 14, the EP mixes
up Art. of the 14 E-commerce-Directive with the proposed Art. 13. Hence, although
Art. 14 of the E-commerce-Directive would be applicable, obviously they should be
obliged by the proposed Art. 13—which is hardly compatible.21
17
P8_TA(2018)0337, Amendments 156, 157, 158, 159, 160, and 161.
18
Cf. Below 2.5.1.
19
CJEU, GS Media BV v Sanoma Media Netherlands BV et al., Case C 160/15, Judgment of 8
September 2016.
20
P8_TA(2018)0337, Amendments 144, 145, 146 EP.
21
However, note that the Voss Report also took up this notion at the end of the proposed Recital 38,
thus somehow contradicting the taken approach in the same recital.
10 G. Spindler
Measures to be Taken by Providers Another important and heavily debated cor-

ner stone of Art. 13 refers to the measure which providers have to take if no licence
agreements have been concluded, the so-called upload-filters. Once again, the EP
finally followed mostly the proposal of the Voss Report by adopting an amendment
to the Commission’s proposal: “Art. 3.2(a) Member States shall provide that where
right holders do not wish to conclude licensing agreements, online content sharing
service providers and right holders shall cooperate in good faith in order to ensure
that unauthorised protected works or other subject matter are not available on their
services. Cooperation between online content service providers and right holders
shall not lead to preventing the availability of non-infringing works or other pro-
tected subject matter, including those covered by an exception or limitation to
copyright.”
“Art. 3.3 As of [date of entry into force of this directive], the Commission and the
Member States shall organise dialogues between stakeholders to harmonise and to
define best practices and issue guidance to ensure the functioning of licensing
agreements and on cooperation between online content sharing service providers
and right holders for the use of their works or other subject matter within the mean-
ing of this Directive. When defining best practices, special account shall be taken of
fundamental rights, the use of exceptions and limitations as well as ensuring that the
burden on SMEs remains appropriate and that automated blocking of content is
avoided.”
Hence, providers will be obliged to take measures to prevent the availability of
not licensed or not by a limitation/exception justified content—what means in the
end, the introduction of upload-filters and tools to identify relevant copyrighted
content. Once again, the Comodini Cachia Report did not recommend such propos-
als which only mentioned the enforcement of concluded agreements, also laying an
emphasis on limitations and exceptions.22
However, one major difference between the Voss Report and the EP vote remains:
while the Voss Report neither mentioned SMEs (Small and Medium Sized
Enterprises) nor automated blocking of content, the EP explicitly addressed this
issue in Art. 3. When defining best practice, the EP lays stress on the balance of
fundamental rights (as well as considering limitations and exceptions) and also on
the avoidance of automated blocking of content. Hence, upload-filters, which would
result in such an automated blocking, should not be permitted—however, how
copyrighted content should then be identified and prevented from being made avail-
able is absolutely unclear. As human control of every copyrighted content is more
or less impossible for automated platforms such as YouTube, this provision would
end up either in permitting copyrighted content to be available (as no technology is
available that does not automatically block) or in closing those business models.
22
See Amendment 59 of the Comodini Cachia Report and the given justification: “The process
cannot underestimate the effects of the identification of user uploaded content which falls within
an exception or limitation to copyright. To ensure the continued use of such exceptions and limita-
tions, which are based on public interest concerns, communication between users and rightholders
needs to be efficient”.
Moreover, and also hard to reconcile, EP and the Voss Report emphasizes that no
general monitoring obligation such as mentioned by Art. 15 of the E-Commerce-
Directive should be introduced. However, how copyright content should be identi-
fied without a constant monitoring of all data traffic on a platform is absolutely
unclear and not conceivable.
Limitations and Exceptions: Complaint Mechanisms and Dispute
Resolution Another key element of the newly proposed Art. 13 refers to complaint
mechanisms and dispute resolution to safeguard the legitimate interests of users.
Thus, the EP voted for a new Art. 13.2(b), following closely the Voss Report and to
a certain extent similar to the COREPER proposal: “2b. Member States shall ensure
that online content sharing service providers referred to in paragraph 1 put in place
effective and expeditious complaints and redress mechanisms that are available to
users in case the cooperation referred to in paragraph 2a leads to unjustified remov-
als of their content. Any complaint filed under such mechanisms shall be processed
without undue delay and be subject to human review. Right holders shall reasonably
justify their decisions to avoid arbitrary dismissal of complaints. Moreover, in
accordance with Directive 95/46/EC, Directive 2002/58/EC and the General Data
Protection Regulation, the cooperation shall not lead to any identification of indi-
vidual users nor the processing of their personal data. Member States shall also
ensure that users have access to an independent body for the resolution of disputes
as well as to a court or another relevant judicial authority to assert the use of an
exception or limitation to copyright rules.”
This provision is flanked by new Recitals 39a23 and 39c,24 which repeats more or
less Art. 13 (2b) literally.
Hence, the EP lays stress on the obligation of rightholders to justify their requests
for removal of content, as well as the access of users to courts and/or independent
bodies for the resolution of disputes. Thus, the EP shifts the burden of action still to
users who want to claim exceptions and limitations. The Voss Report event went
further by stating that these complaint and redress mechanisms should be in place
“to prevent misuses or limitations in the exercise of exceptions and limitations to
copyright,”—thus, turning the relationship between limitations and rights upside-
down, as the redress mechanisms should be in place to protect limitations in favor
of users and not—vice versa—to combat misuses.
Data Protection One issue that was mentioned neither in the proposal of the
Commission nor of COREPER refers to data protection issues:
Every upload-filter or, likewise, mechanism to block or to remove content, could
easily end up in identification of users. To prevent any conflicts, the EP vote states
(and beforehand the Voss Report) in Art. 13.2(b), as well as in the new Recital 39a25:
“Moreover, in accordance with Directive 95/46/EC, Directive 2002/58/EC and the
23
P8_TA(2018)0337, Amendment 148.
24
Ibid, Amendment 44, 219.
25
Ibid, Amendment 148.
12 G. Spindler
General Data Protection Regulation, the cooperation shall not lead to any identifica-
tion of individual users nor the processing of their personal data.”
Again, although this provision seems to fit in the general framework of Data
Protection, it seems to square the circle. Given the fact that the Enforcement
Directive entitles the rightholder to claim for identification of an infringer against
any intermediary [Art 8 Intellectual Property Rights Enforcement Directive
(IPRED)], it is hard to reconcile this contradiction to the envisaged provision of Art.
13.2(b). If providers shall check copyrighted content, they also get information
about infringers so that rightholders can claim disclosure of this data under the
Enforcement Directive.
2.4 The Final Compromise of the “Trilogue”: The New Art. 17
Finally, after heated debates amongst Member States as well as in the EP (once
again), a final compromise has been reached (and—according to some rumours—
after Germany and France had found a deal), which left untouched the base of Art.
13 (17) and introduced some slight, but important deviations:
Scope of Application One of the first hotly debated issues has been related to the
scope of application. The final compromise took up the approach of the EP and
refers only to those (host) providers “whose main or one of the main purposes is to
store and give the public access to a large amount of copyright protected works or
other protected subject-matter uploaded by its users which it organises and pro-
motes for profit-making purposes” (Art. 2 (5). Art. 2 (5) sub 2) excluded all non-
profit services, such as online encyclopedia (so that Wikipedia is not being touched
upon), as well as educational and scientific repositories26. Even open source soft-
ware developing and sharing platforms are out of range—although here developers
may pursue commercial reasons by offering their services for open source software
that they have developed before. The same is true for “online marketplaces and
business-to-business cloud services” or those cloud services that allow users to
upload their content only for their own use. However, it will be arguable if for
instance a cloud service such as Google Drive, Microsoft OneDrive, iCloud, etc.,
could be qualified as cloud-services for “their own use”—as these services just
allow sharing of content with others to work on documents, etc. Hence, in most
cases, it will be difficult for those providers to draw the demarcation line between
services that are covered by Art. 13 and those that are not. Finally, in contrast to the
EP, the final compromise does not limit the exception for online market places to
those that retail physical goods.
Here, in contrast to the EP Proposal, it is not any more necessary that repositories do have the
26
authorization of all rightholders, see above.

Still, however, many services will be covered, ranging from YouTube to

Facebook, Instagram, Twitter, and even WhatsApp-Groups that can gather a lot of
users.
Act of Communication to the Public The compromise kept the approach that
online content sharing providers perform an act of communication to the public. As
stated, these providers cannot claim any more for safe harbor privileges under Art.
14 E-Commerce-Directive, as they are infringing directly copyrights. Further, the
obligation enshrined in Art. 13.1 to conclude licensing agreements with rightholders
has been upheld.
The same applies to the clarification by the EP and the Voss Report concerning
the consequences of concluded license agreements: These should exclude liability
of non-commercial users—which would not be the case under InfoSoc-Directive
and the case law of the CJEU that provides for differences in assumptions of knowl-
edge concerning commercial and non-commercial users like in the GS media case.27
In addition to the Parliaments proposal, Art. 13 (2) now extends this privilege to
those users who operate on a commercial basis but do not generate “significant
revenues”—whatever that means.
Concerning the relationship to Art. 14 of the E-Commerce-Directive, the Trilogue
compromise now simply states that Art. 13 of the compromise (DSM) shall fall
outside Art. 14 of the E-Commerce-Directive and should not have an impact upon
any other infringements or legal sectors (such as defamation, etc.). Thus, the mix of
Art. 13 and Art. 14 of E-Commerce-Directive (see above) has been resolved by a
demarcation line—which seems at first glance to be clear. However, as we will see
still, problems of balancing the E-Commerce-Directive with Art. 13 of the DSM-
package remain.
Measures to be Taken by Providers Probably the most hotly debated cornerstone
of Art. 13 refers to the measure that providers have to take if no licence agreements
have been concluded, the so-called upload-filters. The final compromise provides
for three basic obligations for providers: First, they must do their best in obtaining
licenses (Art. 13 (4) a)); second, to make “in accordance with high industry stan-
dards of professional diligence, best efforts to ensure the unavailability of specific
works and other subject matter for which the rightholders have provided the service
providers with the relevant and necessary information” (Art. 13 (4) b)), which is
quite remarkable, as the obligation to ensure the unavailability obviously does not
depend upon the efforts to obtain licenses, hence, it applies in any case. In addition,
the obligation refers as well to “specified works” as to “other subject matters for
which the rightholder have provided the service providers with the relevant and
necessary information”.
Third (Art. 13 (4) c)), providers have to take action expeditiously after having
received “a sufficiently substantiated notice by the rightholders” to remove the

27
September 2016.
14 G. Spindler
n otified work or to block access to it. Hence, only substantiated notifications can
give ground to such obligations—as already the CJEU stated for the notice under
Art. 14 E-Commerce-Directive - it is surprising that only notifications by righthold-
ers should trigger that obligation, hence, nobody else—in particular because the
EU-Commission made a slightly different statement with regard to Art. 14
E-Commerce-Directive. According to this statement, online platforms should put in
place effective mechanisms to facilitate the submission of notices that are suffi-
ciently precise and adequately substantiated. An easily accessible, user-friendly,
and contextual mechanisms should enable sufficiently substantiated and detailed
notices to allow the platform to find potentially illegal content quickly; moreover, to
make a sound assessment of the illegality of the content and act expeditiously where
appropriate. Users, however, should usually not be obliged to identify themselves
when reporting what they consider illegal content—although they should have the
opportunity to voluntarily submit their contact details in a notification.28
Moreover, Art. 13 (4) c) goes beyond Art. 14 E-Commerce-Directive (and fol-
lows injunction actions in Member States) by requiring providers to “stay down” the
notified work (notice-and-stay-down).
One crucial element of Art. 13 (4) refers to the “high industry standards”, which
will represent the benchmark for “upload-filters”. Whilst the EP favored a “dialogue
between stakeholders”, the final compromise mentions this dialogue at the end of
Art. 13 (9). Taking literally the notion of “industry standards”, the definition of
those standards would be up to the affected industry. However, Art. 13 (9) contra-
dicts that (traditional) perspective of industrial standards as stakeholders have to
take part in the whole procedure. Moreover, it still remains unclear if and how far
courts can control the effectiveness of those standards and how they comply with
fundamental human rights. However, Recital 38 refers to the competence of courts
to scrutinize the evolving state of the art of existing means, including future devel-
opments, and consider when assessing whether an online content sharing service
provider has made its best efforts according to the high industry standards of profes-
sional diligence. These requirements could then be used as a benchmark for the
standards themselves.
Moreover, Art. 13 (4a) tries to give more guidance for assessing the obligations
of Art. 13 (4) by referring to factors which have to be considered, namely “the type,
the audience and the size of services and the type of works or other subject matter
uploaded by the users; (b) the availability of suitable and effective means and their
cost for service providers.” All these are elements of the principle of proportional-
ity—however thus watering the benchmark “high industry standards” as every case
has to be assessed in particular. Even more, these factors are not exclusive, but just
some amongst others. Art. 13 (9) has to be read together with Art. 13 (4) as the defi-
nition procedure of standards has to consider also—self-understood—human rights.
Moreover, Art. 13 (9) states explicitly that “users associations” should have a right
to have access to adequate information of providers concerning the application of
European Commission, Tackling Illegal Content Online—Towards an enhanced responsibility of

28
online platforms, COM(2017) 555 final.

their practices according to Art. 13 (4). Hence, it should be clear that benchmarks
have to be defined by a complex procedure amongst all stakeholders.
One of the intensively discussed issues in Art. 13 referred to an exception for
small and medium enterprises: while the EP favored the mentioning of SMEs dur-
ing the process of adopting technical standards (see above), this exception was
rejected by some Member States, whereas other insisted in upholding it to foster
start-ups.29 The final compromise reached a very complex solution by not exempt-
ing SMEs in general but by introducing a new and timely restrained exception.
According to Art. 13 (4aa) now, Member States should be able to exempt those
“online content sharing service providers whose services have been available to the
public in the Union for less than three years and which have an annual turnover
below EUR 10 million within the meaning of the Commission Recommendation
2003/361/EC”. Hence, this exception is not harmonized. Moreover, the exception
concerns only obligations of ex ante upload filters; obligations to obtain authoriza-
tion are maintained. Concerning the notice-and-stay-down obligations, these enter-
prises benefit by a reduced requirement as they only have to take down (or block
access) to the infringing content; no “stay-down” action is necessary. It remains to
be seen how courts will interpret this restriction as some Member States like
Germany know actions for injunctions that result in a “stay-down” obligation.
To render this exception even more complex, those providers “where the average
number of monthly unique visitors of these service providers exceeds 5 million,
calculated on the basis of the last calendar year” have also to “demonstrate that they
have made best efforts to prevent further uploads of the notified works and other
subject matter for which the rightholders have provided relevant and necessary
information”. Hence, the “stay-down-obligation” applies again—however, only to
“notified works”. The wording refers to the obligation of Art. 13 (4) c) (substanti-
ated notifications, further uploads) and not to the general obligation ex ante of Art.
13 (4) b) remains. Hence, these providers must still comply “only” with the “notice-
and-stay-down” action.
Limitations and Exceptions: Complaint Mechanisms and Dispute
Resolution Although not mentioned amongst the factors to be considered when
defining standards, the traditional limitations to foster communication and freedom
of speech have to be respected. Hence, Art. 13 (5) b) mentions explicitly that
“Member States shall ensure that users in all Member States are able to rely on the
following existing exceptions and limitations when uploading and making available
content generated by users on online content sharing services: (a) quotation, criti-
cism, review; (b) use for the purpose of caricature, parody or pastiche.” The wording
of Art. 13 (5), however, suggests that these limitations do not have to be considered
when benchmarks for technologies are defined concerning the unavailability of
works and subject matters. On the other side, Art. 13 (4) refers in general only to
29
Recital 38ba clarifies that these specific exemptions may not be misused to circumvent the obli-
gations. Hence, if companies turn out to be just follow-ups of already existing business activities,
they do not benefit from the alleviations.
16 G. Spindler
“unauthorised acts of communication to the public”; if limitations are applicable,

however, these acts are per se not unauthorized but legitimate. Hence, the logic of
Art. 13 (4) and (5) is somehow opaque and shifts the burden of proofs and of taking
action to invoke the limitation to the user—although the limitation would be appli-
cably by law and usely would not need any demand by the user. Moreover, Art. 13 (5)
is somehow puzzling as the first sentence refers to all kinds of limitations that allow
users to make available works, whereas Art. 13 (5) second sentence seems to limit
the exceptions to those mentioned (however, it seems that most of the relevant limi-
tations are covered by Art. 13 (5) as non-commercial activities are out of scope of
Art. 13).
On the other hand, Member States in general should be obliged to enable users
to rely upon limitations in their favor. Art. 13 (5) second sentence should therefore
be qualified as a reinforcement of these obligations—but not as a restriction. This
applies in particular to supposedly unauthorized acts, Art. 13 (4).
In general, Art. 13 (5) states that none of the obligations for providers may result
in an unavailability of works that do not infringe copyrights, such as those that are
not any more copyright protected or have been licensed under an Open-Access-
License or are covered by a limitation.
Upload Filter and Prohibition of General Monitoring Obligations The final
compromise (Art. 13 (7) of the compromise) follows the same line of the EP and the
Voss Report, which emphasized that no general monitoring obligation such as men-
tioned by Art. 15 of the E-Commerce-Directive should be introduced. As men-
tioned, it is, however, hardly conceivable how infringing content should be identified
without a constant monitoring of all data traffic on a platform. If a provider is being
held to establish an upload filter, she is at the least not far away from any general
monitoring obligation. As the CJEU stated clearly in the SABAM-case also for host
providers (as mentioned in Art. 14 of the E-Commerce-Directive), such a general
obligation to monitor data traffic for infringements is not in line with basic constitu-
tional rights; hence, it remains to the CJEU to clarify if upload filters can be bal-
anced with constitutional guarantees.
Information About “Functioning of Practices” Art. 13 (7) of the final compro-
mise creates an additional obligation for providers to provide rightholders upon
their request with “adequate information” about the “functioning of their practises”.
This obligation seems to be at first glance unproblematic, a closer view, however,
reveals important conflicts. Technologies used by service providers such as YouTube
(ContentID) often contain trade secrets what Recital 38c explicitly acknowledges;
moreover, they are as well copyright protected as software. Hence, striking the bal-
ance between interests of rightholders to know how efficient these practices are and
interests of providers to keep their algorithms secret could be difficult. A third party
procedure that will enable trusted third parties to analyze the used technologies
whilst keeping the secrets may be adequate here. Rightholders may not require the
disclosure of the source code of algorithms used. Moreover, Recital 38c states that
a provider is not required to provide rightholders “with detailed and individualised
information for each work and other subject matter identified”.
Complaint Mechanisms and Dispute Resolution The final compromise follows

in grosso modo the approach taken by the European Parliament by requiring
Member States (not providers!) to introduce out-of-court redress mechanisms for
the settlement of disputes between parties (Art. 13 (8)). These mechanisms shall be
impartial and shall not exempt the right of users to turn to state courts to invoke their
rights. However, Online Dispute Resolution Mechanisms are not explicitly men-
tioned so that these out-of-court mechanisms could be anything. Moreover, although
only users are mentioned in Art. 13 (8) (and their right to have recourse to judicial
authorities), the same is likewise applicable to rightholders and providers.
Justification of Request of Removal Moreover, Art. 13 (8) requires rightholders
to justify their reasons for their requests. Hence, this justification is not dependent
upon a request of users but has to be provided in each case of request of rightholders
to remove a content. However, this obligation to justify concerns only requests to
remove content, thus referring to Art. 13 (4) c) and not to the general obligation to
make copyrighted content unavailable. Thus, the general “upload filter” is not con-
cerned. Once rightholders have given the necessary information, providers are
obliged to check the content (and the data traffic). Under Art. 13 (4) b), there is no
obligation to justify or to explain why rightholders believe that their content should
be protected by general monitoring.
Regarding the removal of uploaded content and hereto complaints, they are sub-
ject to human review. Thus, Art. 13 (8) allows implicitly for automated decisions, as
Art. 13 (8) refers to a “review” and not to a “human decision”.
Again, this human review is not mentioned concerning content that has not been
uploaded yet, in other words to which Art. 13 (4) b) applies. Thus, purely automatic
checks may be sufficient for Art. 13 (8) and Art. 13 (4) b)—which is clearly a case
for constitutional review, again applying the standards set by the SABAM and
Netlog case of the CJEU.
Data Protection As mentioned, the EP tried to respect the potential conflict with
the GDPR. The final compromise took the point by merely stating that “this
Directive shall (…) not lead to any identification of individual users nor to the pro-
cessing of their personal data, in accordance with Directive 95/46/EC, Directive
2002/58/EC and the General Data Protection Regulation.” Again, although this pro-
vision seems to fit in the general framework of Data Protection, it seems to square
the circle. Given the fact that the Enforcement Directive entitles the rightholder to
claim for identification of an infringer against any intermediary [Art 8 Intellectual
Property Rights Enforcement Directive (IPRED)], it is hard to reconcile this contra-
diction to the envisaged provision. If providers shall check copyrighted content,
they also get information about infringers so that rightholders can claim disclosure
of this data under the Enforcement Directive. As stated already, every upload-filter
or, likewise, mechanism to block or to remove content, could easily end up in
identification of users. How the safeguard of personal data of users can be recon-
ciled with a general check before uploading content, in particular in cases of notice-
and-stay-down procedures, remains unclear.
18 G. Spindler
2.5 T
he Extension of the Right to Make Available
to the Public by the CJEU
2.5.1 Development of Case Law
At the same time—and somehow serving as a background—the CJEU increasingly

clarified its jurisdiction on the notion of “making available to the public”, in particu-
lar the notion of “public”. Starting with the Svensson decision,30 the CJEU devel-
oped the formula that “public” meant that, by technological means, a “new public”
was reached (and not before) together with the authorization of the rightholder.
Hence, a hyperlink to a content published on the internet was not considered as an
infringement of the right to make available to the public as the content was lawfully
available on the internet (as the rightholder uploaded the content himself). However,
in GS Media,31 the CJEU clarified that hyperlinks to content that has not been
uploaded with the authorization of the rightholder (pirated content) constitute an
infringement of the right to make available to the public as the setter of the hyper-
link contributed to a (not authorized) “new public”. However, the CJEU restricted
the liability and obligations to check the copyright situation to commercial link-
setters, flanked by an assumption that commercial link-setters have been aware of
the situation. Hence, private and/or non-commercial link-setters are exempted from
this assumption. Moreover, the Court stressed the necessity of balancing interests,
so that there is no general rule that every commercial link-setter is faced with a lia-
bility for having linked a pirated content. Both notions, however, are a further devel-
opment of law by the CJEU that is not directly enshrined in Art. 3.
InfoSoc-Directive.32
In the decisions of Pirate Bay and Filmspeler, the CJEU went even further. The
Court declared any contributory action, such as embedding software in music play-
ers, which led directly to pirated works or instructions on how to get pirated works
(although not directly hosting them) to be direct infringements of copyrights, here
again, the right to make available to the public. Hence, all (national) lines of distin-
guishing contributory and accessory liability are now blurred in copyright as every
supporting action that helps to reach a “new public” (a public which has not been
authorized before) is now covered by the jurisdiction of the CJEU. Thus, it is not
surprising that some authors declared the CJEU as a substitute for the legislator,33
here Commission, EU-Parliament, and COREPER, as the interpretations handed
down by the CJEU are overtaking discussions and debates on the political level.
30
CJEU, Nils Svensson, Sten Sjögren, Madelaine Sahlman, Pia Gadd v Retriever Sverige AB, Case
C 466/12, Judgment of 13 February 2014.
31
September 2016.
32
Cf. Also, recently Peguera (2018).
33
For instance Leistner (2017), p. 755.
2.5.2 C
onsequences for Platforms and Art. 13 DSM-Package
and Search Engines
This extension of direct liability by interpreting the “public” in a wide manner

results in severe consequences for internet intermediaries of every kind. Platforms
like YouTube could then easily be qualified as enabling third parties to access unau-
thorized uploaded content just like Pirate Bay or Filmspeler that directly infringe
the right to make available to the public. The same as in the GS Media case, where
the CJEU obliged the commercial link-setter to check the copyright situation, could
apply to platforms like YouTube, as it is generally known that pirated content (or
unlicensed content) can be found on these platforms. Still, undecided by the CJEU
remains the question, which efforts are required by commercial linkers or contribu-
tors, in other terms, whether platforms like YouTube can avoid (direct) liability by
offering tools to rightholders to pursue infringers. However, taking the arguments of
the CJEU, which referred to actions and measures of link-setters, it could be prob-
able that the reversal of taking action that is implied by techniques such as ContentID
will not be considered as sufficient. In other terms, it is still the provider who has to
take action and to monitor content; making available tools like ContentID and, thus,
the indirect obligation for rightholders to use them to detect piracy, may not be con-
sidered as sufficient. Hence, the recent proposals of COREPER and of the Voss
Report declaring activities of platform providers as related directly to the act of
making available to the public may be based directly on the logic of the CJEU.
The GS Media decision could also have a huge impact on other intermediaries
and services, such as search engines. As most of them act commercially, they would
be—following the logic of GS Media—obliged to check the copyright situation for
every link they provide in their search results. It is not hard to predict that such an
obligation (beyond automated copyright checks) would soon lead to the end of
search engines, which rely upon automated searches that are unable to exactly
assess the copyright situation for the content to which the search result is leading.
Probably having this result in mind, the Federal Court of Justice in Germany recently
handed down a decision exempting search engines from the GS Media doctrine by
balancing social interests and interests of rightholders.34 The court declared that the
provider of a search engine cannot reasonably be expected to ascertain whether the
images of works or photographs found by the search programs have been lawfully
posted on the Internet before they are reproduced as thumbnails.35 Moreover, search
engines are of essential importance for the use of the Internet which itself is of
particular importance for the freedom of expression and information guaranteed by
Article 11 of the Charter of Fundamental Rights of the European Union (CFR).36
Thus, the court balanced the different interests and did not apply the GS Media
doctrine. Above that, it stated that there is no question relevant to the decision on the
interpretation of Directive 2001/29/EC that cannot be clarified by the case-law of
34
BGH, Urt. v. 21.9.2017, GRU 2018, p. 178.
35
BGH, Urt. v. 21.9.2017, GRU 2018, pp. 178, 185, Recital 60.
36
BGH, Urt. v. 21.9.2017, GRU 2018, pp. 178, 184, Recital 55, 62.
20 G. Spindler
the CJEU or answered beyond doubt (meaning a so-called “acte clair”) so that a
deference to the CJEU was superfluous according to the Federal Court of Justice.37
3 Access Providers, WiFis, and Injunctions
Besides host providers (or platforms), which make user generated content available,
access providers are under attack by rightholders as well, be it large telecommunica-
tion providers or operators of WiFi-hotspots. As claims against those who are pirat-
ing content or against host providers supporting them are increasingly useless as
these pirates and/or host providers are located outside the EU in countries where the
enforcement level is low, rightholders seek for injunctions against access providers
to block access to those websites and content. The basic conflict is obvious: general
injunctions and blocking of websites could result in an overblocking, thus, imped-
ing free (lawful) exchange of ideas and data. Moreover, there are severe doubts if
blocking of websites really is effective in deterring pirates or works at all as they can
be circumvented. Hence, the balance of these differing interests of lawful users,
content providers, access providers, and rightholders, is the center of many jurisdic-
tional developments across the EU, including seminal decisions of the CJEU.
3.1 European Setting
The first judgement of the CJEU, which touched upon actions against access pro-
viders, concerned an injunction filed against Scarlet extended, a Belgian internet
service provider. The Belgian collecting society Société d’Auteurs Belge—
Belgische Auteurs Maatschappij (SABAM) claimed that Scarlet should monitor and
filter all traffic of its users to detect and prevent copyright infringements. However,
such a claim clearly contradicted Art. 15 of the E-commerce-Directive, which pro-
hibits any duty to monitor general data traffic. Nevertheless, the CJEU went further
by invoking not only the E-commerce-Directive but also the fundamental rights of
users enshrined in the CFR, such as the right to protection of their personal data and
their freedom to receive or impart information.38
However, just some years after the SABAM-case, the CJEU had to decide
another case coming from Austria and concerning an injunction filed by a right-
holder against an access provider: UPC Telekabel. Although the CJEU in general
upheld the reasoning from the SABAM-case, the CJEU balanced interests of right-
holders with those of providers and users, also considering that rightholders shall
not be totally unprotected. Hence, the CJEU held in sum that blocking injunctions
BGH, Urt. v. 21.9.2017, GRU 2018, pp. 178, 187, Recital 78.

37
CJEU, Scarlet Extended SA v Société belge des auteurs, compositeurs et éditeurs SCRL (SABAM),
38
Case C 70/10, Judgment of 24 November 2011, Recital 50.

is allowed by EU law, in particular by Art. 8.3 of the InfoSoc-Directive and Art. 11

of the Enforcement-Directive, and is also based on the CFR. However, the Court
required national courts to carefully balance the fundamental rights of all parties
involved in blocking injunctions, in particular third party interests such as users who
look for lawful content. In particular, the Court demanded (national) procedural
guarantees so that interest of third parties could be considered.39
The last decision of the CJEU concerned a case deferred by a regional court in
Germany (Landgericht München) asking the CJEU if and how operators of WiFi
spots are obliged to protect their WiFi against illegal use by third parties. The CJEU
affirmed the reasoning of UPC Telekabel by stating that WiFi operators are to be
treated like access providers (“making (…) network available to the general public
free of charge constitutes an ‘information society service’ within the meaning of
Article 12.1 of the Directive 2000/31”) and thus are in principle obliged to block
illegal websites, etc. In contrast to the opinion of Advocate General Szpunar,40 the
CJEU also stated that the Wifi operator is not precluded from paying the costs of
giving formal notice and court costs related to the rightholder’s claim for injunctive
relief. Although the Court rejected an operator’s duty to monitor all of the informa-
tion transmitted, as well as a duty to terminate the internet connection completely,
it requires WiFi operators to take measures to secure the internet connection respec-
tively to protect their networks by passwords or other tools to identify users and to
dissuade them from infringing copyright or related rights41—however, it remains
unclear if these means are indispensable as the regional court just referred to them,
leaving aside other technical means such as port blocking, etc.
3.2 Legal Reform in Germany
The political wish for better access to the internet (agreed by the grand coalition in
the last governmental period) led to proposals how to free WiFi operators from legal
risks, in particular injunctions. Thus, Germany recently amended the Telemedia Act
(Sect. 7, 8) in 201742, exempting all access providers from any kind of liability, in
particular for injunctions. As the legislator realized that the CJEU decisions (and the
referred directives) have to be respected, a new claim for blocking websites has
been introduced in Sect. 7 (4) of the Telemedia Act, which should then substitute
general injunction claims. Moreover, the new Sect. 8 (4) prohibits authorities
39
CJEU, UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH, Wega
Filmproduktionsgesellschaft mbH, Case C 314/12, Judgment of 27 March 2014.
40
Opinion of Advocate General Szpunar on Tobias Mc Fadden v Sony Music Entertainment
Germany GmbH, C 484/14, Opinion of 16 March 2016.
41
CJEU, Tobias Mc Fadden v Sony Music Entertainment Germany GmbH, Case C 484/14,
Judgment of 15 September 2016, Recital 87 et seq.
42
Drittes Gesetz zu Änderung des Telemediengesetzes vom 28. September 2017, Bundesgesetzblatt,
vol. I, p. 3530.
22 G. Spindler
(obviously not courts) to oblige providers to collect and save personal data from
users or to request a password from them before granting them access. Claims for
blocking are of subsidiary character as they depend on foregoing attempts of right-
holders to identify the infringing persons and proportionality requirements. Further,
blocking claims are restricted to WiFi operators, as well as to infringements of intel-
lectual property rights.
It is not hard to see that the restriction to WiFi operators is not in line with the
CJEU decision in UPC Telekabel, as all other access providers are freed from
injunctions—in contrast to the CJEU’s interpretation of the InfoSoc- and the
Enforcement-Directive. Hence, it did not come as a surprise that the first cases
against access providers (not WiFis) were brought to the Federal Court of Justice in
Germany. The Court ruled that the new blocking claims provided by Sect. 7 (4)
Telemedia Act also have to be applied to other access providers to avoid contradic-
tions to the European law.43 The Federal Court of Justice in Germany also basically
accepted the concept of blocking ports; concerning passwords, the Court obviously
also deemed them to be required from WiFi operators, as well as “normal” access
providers.
4 Conclusion
As mentioned, all developments circle around the difficult multipolar relationship

between rightholders (and enforcement against infringements), users’ interest to
uphold free exchange of data and ideas, and providers that oscillate between total
neutral infrastructure (such as access providers), benefiting from user generated
content (such as host providers like YouTube or Facebook), and clearly criminal
providers such as kinox.to that are dedicated to piracy actions.
Moreover, issues of data protection are also part of the complex balance of inter-
ests as any enforcement against infringers implies their identification. As the discus-
sion concerning Art. 13 of the Copyright Package proposal shows, any upload filter
or content identification mechanism per se implies data protection issues.
Hence, without checking identity and traffic data, it is quite difficult for right-
holders to enforce their rights. Anonymity, as one of the basic principles of the
internet (as even courts such as the Federal Court of Justice in Germany has
recognized them),44 obviously contradicts the necessity of identifying infringers. As
known, the CJEU has established severe tests to be passed to retain data.45 Although
43
BGH, Urt. v. 26.7.2018, GRU 2018, p. 443; cf. Comments by Spindler (2016), p. 16 with more
references of the national discussion.
44
Such as BGH, Urt. v. 23.6.2009, EBZ 181, p. 328.
45
CJEU, Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources
et al. and Kärntner Landesregierung et al., in joined Cases C 293/12 and C 594/12, Judgment of 8
April 2014; CJEU, Tele2 Sverige AB v Postoch telestyrelsen and Secretary of State for the Home
Department v Tom Watson, Peter Brice, Geoffrey Lewis, interveners: Open Rights Group, Privacy
these decisions referred to the former EU directive on data retention and to similar
national acts (here: Sweden) and thus to data retention for public purposes, the same
principles safeguarding data protection could be applied to private purposes.
However, without data retention (be it on the side of access providers or host provid-
ers), rightholders are unable to identify infringers.
Given the problems rightholders are facing when trying to identify infringers, as
well as to enforce claims against them, it comes to no surprise that intermediaries
have increasingly become the target for their claims, as some kind of last resort.
Hence, anonymity and possibilities to enforce claims are closely related to liability
of intermediaries. Moreover, if providers are benefitting from anonymous users
(e.g. advertising, etc.) and do not track their activities (or at least not to the benefit
of rightholders rather than their own benefits such as personal profiles for market-
ing), it is hard to shield them from liability as they “externalize” risks that righthold-
ers cannot cope with (in particular not without relevant data).
On the other hand, it can also not be denied that strong data retention rules,
upload filter, etc., endanger free exchange of ideas and data as they produce chilling
effects. Moreover, automated upload filters in particular, as suggested by the
COREPER proposal and the EP vote, cannot distinguish between infringements and
legitimate limitations such as the citation rule or satire. Hence, upload filters will
also cause a dramatic reduction of legitimate uses—like overblocking websites,
etc.46
The puzzle between free exchange of ideas and data and anonymity on one side
and the protection of rightholders (as well as other regulatory issues) on the other,
seems to be unsolvable. However, if we set aside the provisions of InfoSoc and
Enforcement-Directive for a moment, a solution based on the idea of levies would
be the preferred option. If we go back in history, when the first tape recorders
appeared, rightholders’ complaints and their claims had been somehow similar:
injunctions against producers, traders, and users of tape recorders became famous at
the end of the 50s and early 60s. However, the solution of the legislator was not to
ban production of tape recorders or to require retailers to identify buyers and even
go to their living rooms to check what they were doing. Instead, the legislator opted
for the introduction of a limitation to copyright for private purposes accompanied
by a levy for hardware producers to compensate economic losses for rightholders—
a model which is still in use today, albeit, there are still a lot of disputes between
rightholders (and collecting societies) and hardware producers about the right
amount of levies. This model can also serve as blue print for online sharing plat-
forms such as YouTube or Facebook and even for access providers—thus avoiding
any quarrels about using internet facilities in a lawful manner whilst guaranteeing
International, The Law Society of England and Wales, in joined Cases C 203/15 and C 698/15,
Judgment of 21 December 2016.
46
A comprehensive list of arguments and references regarding the feared effects of upload-filters
can be found on Julia Reda’s (member of the European Parliament) homepage. https://juliareda.eu/
eu-copyright-reform/censorship-machines/.
24 G. Spindler
rightholders a fair income.47 Users and platforms would benefit from limitations
allowing for user generated content, whilst rightholders can claim adequate levies
that will be calculated upon traffic data or statistically monitored use of their works
on the platforms. Such a model could avoid all the quarrels that deeply affect society
and strike a balance between freedom of communication and the rights of authors,
musicians, etc.48
References
A comprehensive list of arguments and references regarding the feared effects of upload-
filters. Available at Julia Reda’s homepage. https://juliareda.eu/eu-copyright-reform/
censorship-machines/.
Amendments adopted by the European Parliament on 12 September on the proposal for a direc-
tive of the European Parliament an of the Council on copyright in the Digital Single Market
(COM(2016)0593 – C8-0383/2016 – 2016/0280(COD)), P8_TA(2018)0337
Αxel Voss, Report on the proposal for a directive of the European Parliament and of the Council on
copyright in the Digital Single Market (COM(2016)0593 – C8-0383/2016 – 2016/0280(COD)),
A8-0245/2018 of 29.6.2018
BGH, Urt. v. 21.9.2017, GRU 2018, p 178
BGH, Urt. v. 23.6.2009, EBZ 181, p 328
BGH, Urt. v. 26.7.2018, GRU 2018, p 443
Christina Angelopoulos und Joao Pedro Quintais (2018) Fixing Copyright Reform: How to
address online infringement and bridge the “value gap”. http://copyrightblog.kluweriplaw.
com/2018/08/30/fixing-copyright-reform-address-online-infringement-bridge-value-gap
CJEU, Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources
et al. and Kärntner Landesregierung et al., in joined Cases C 293/12 and C 594/12, Judgment
of 8 April 2014
CJEU, Google SARL v Louis Vuitton Malletier SA and Others, Case C 236/08, Judgment of 23
March 2010
September 2016
CJEU, L’Oréal SA v eBay International AG and Others, Case C 324/09, Judgment of 12 July 2011
C 466/12, Judgment of 13 February 2014
Case C 70/10, Judgment of 24 November 2011
CJEU, Tele2 Sverige AB v Postoch telestyrelsen and Secretary of State for the Home Department
v Tom Watson, Peter Brice, Geoffrey Lewis, interveners: Open Rights Group,Privacy
International,The Law Society of England and Wales, in joined Cases C 203/15 and C 698/15,
Judgment of 21 December 2016
47
Cf. also Spindler (2013).
48
A comparable model was introduced by Leistner and Metzger (2017), p. 381; similarly
Angelopoulos C and Quintais J P, Fixing Copyright Reform: How to address online infringement
and bridge the “value gap”. http://copyrightblog.kluweriplaw.com/2018/08/30/fixing-copyright-
reform-address-online-infringement-bridge-value-gap/: advertising “a statutory license based on a
mandatory exception for individual online users that covers the non-commercial use of works on
user-generated content platforms (…) tied to an unwaivable right of fair compensation”.
CJEU, UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH, Wega
Filmproduktionsgesellschaft mbH, Case C 314/12, Judgment of 27 March 2014
Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain
legal aspects of information society services, in particular electronic commerce, in the Internal
Market, OJ L 178/1
harmonization of certain aspects of copyright and related rights in the information society, OJ
L 167/10
Gutachten erstellt im Auftrag der Bundestagsfraktion “Bündnis 90/DIE GRÜNEN”. Available at
https://www.gruenebundestag.de/fileadmin/media/gruenebundestag_de/themen_az/medien/
Gutachten-Flatrate-GrueneBundestagsfraktion__CC_BY-NC-ND_.pdf. CC BY NC ND 2.0
Leistner M (2017) Die “The Pirate Bay”-Entscheidung des EuGH: ein Gerichtshof als Ersatz-
gesetzgeber. GRUR 8:755
Leistner M, Metzger A (2017) The EU copyright package: a way out of the Dilemma in two stages.
IIC 48(4):381–384
Peguera M (2018) Hyperlinking under the lens of the revamped Right of Communication to the
Public. Comp Law Secur Rev 34(5):1099–1130
Single Market COM (2016) 593 final
Spindler G (2013) Rechtliche und Ökonomische Machbarkeit einer Kulturflatrate: Gutachten
Spindler G (2016) Text und Data Mining –urheber-und datenschutz rechtliche Fragen. GRUR
11:1112
Therese Comodini Cachia, Draft Report for the Committee on Legal Affairs on the proposal for
a directive of the European Parliament and of the Council on copyright in the Digital Single
Market (COM(2016)0593 – C8-0383/2016 – 2016/0280(COD)), 2016/0280COD of 10.3.2017
Chapter 2
Who Is a Lawful User in European
Copyright Law? From a Variable
Geometry to a Taxonomy of Lawful Use
Tatiana-Eleni Synodinou
Abstract This chapter analyses the concepts of “lawful user”, “lawful use” and
“lawful access” in European copyright law. These concepts, which appeared in sec-
toral EU copyright legislation, still remain largely unexplored. Firstly, the emer-
gence of these concepts is analysed, while possible interpretations are discussed.
The author rejects restrictive interpretations that result in defining lawful use solely
in terms of the private will of the copyright holders, and argues in favour of a uni-
form and dynamic definition of the concept of “lawful use”, which could include
elements of fairness and reasonableness in the rigid EU copyright acquis. The
author argues that it is vital to conceive these concepts flexibly to include uses
implied by the interpretation of contracts between right holders and users, in accor-
dance with standards of fairness and good faith. Furthermore, it is demonstrated that
for the Court of Justice of the EU (CJEU) the concept of lawfulness of use is linked
to the mens rea of the user, in the sense that the use will not be lawful if the user was
aware—or ought to have been aware—of the manifestly unlawful nature of the copy
of the work reproduced or made available to the public.
The insertion of these concepts into European copyright law could be seen as a
silent revolution that alters the nature of copyright law and opens the door to a more
calibrated co-existence of the interests of right holders and users. However, since
the standards of reasonableness and fairness vary among the national legal tradi-
tions of the Member States, a uniform legislative definition of these concepts is
necessary at European level. The author proposes a taxonomy of lawful use that
consolidates the EU copyright acquis on lawful use. The EU taxonomy of lawful
use will comprise a horizontal definition of lawful use, accompanied by a list of
categories of lawful use, together with a clause of exemption from liability for non-
commercial users who are not in a position to be aware of the unlawful nature of the
source of the copy that they used based on copyright exceptions.
The author concludes that recognition of the concepts of “lawful user” and “law-
ful use” injects a new subversive approach into copyright law. These concepts can
have a dual function and be used either to reinforce the position of users or to restrict
T.-E. Synodinou (*)

Law Department, University of Cyprus, Nicosia, Cyprus
e-mail: synodint@ucy.ac.cy

https://doi.org/10.1007/978-3-030-25579-4_2
28 T.-E. Synodinou
the uses made of copyright-protected works and to make the users liable for copy-
right infringement. In the author’s view, a necessary pre-condition for a balanced
application of these legal norms is the establishment of all copyright exceptions as
ius cogens, whose protection could be claimed by users before the courts.
1 Introduction
Researching the position of lawful user in copyright law would still have been con-
sidered as heresy some years ago. Copyright doctrine is characterised by the absence
of the user.1 This controversy stems mainly from the dominant author-centred
approach of European continental copyright law (the so-called “author’s right”
approach). According to this approach, the natural person of the author of the intel-
lectual creation is the cornerstone of the protection awarded. Public interest is satis-
fied by the establishment of strictly defined exceptions or limitations to copyright.
These exceptions or limitations are not granted in favour of a legally recognised
individual entity, but in a general and abstract way in favour of the public. In other
words, the end-user of the works of intellect is not recognised as an individual entity
that can claim the application of exceptions or limitations to copyright. Moreover,
exceptions or limitations are not traditionally considered as rights of the end-users.
The absence of the concept of the “user” in copyright law is also linked to another
issue: the fundamental copyright premise that the mere use of works is free2 and the
traditional disinterest of copyright law for personal uses that do not have a commer-
cial nature. Indeed, since controlling access to and use of copyright-protected works
by private users was not a realistic goal, copyright holders have mainly focused on
controlling reproductions and communications to the public that have a commercial
nature. However, the digital era changed this paradigm and it is now possible to
control access to and use of works by private users.3 In light of the above, the con-
cepts of the “use” and the “user” of copyright-protected works have obtained an
autonomous status in copyright legislation and case law.
The formal emergence of the concept of “lawful user” in European copyright law
has consolidated a silent but ground-breaking evolution. More than two decades
after the sudden landing of the concept of “lawful user” in the universe of European
copyright law, this concept has been confirmed and partially clarified, both by EU
legislation and case law. Nonetheless, the concept of “lawful user” is still seen as a
weird guest in the copyright law family, while it is amorphous and lacks a proper
definition.
This chapter is divided into three main parts. In Sect. 2, the emergence, the
notional core and the role of the concepts of “lawful user”, “lawful use” and “lawful
access” in European copyright legislation will be analysed. Section 3 will research
1
Synodinou (2010), pp. 819–843; Cohen (2005), pp. 347–374.
2
Westkamp (2004), p. 1057.
3
Dusollier (2000), pp. 25–52; Ginsburg (2000).
2 Who Is a Lawful User in European Copyright Law? From a Variable Geometry… 29
the perplexing current understanding of lawful use and the controversies surround-
ing variant interpretations of lawful use. It will also demonstrate that it is essential
to promote a horizontal and dynamic definition of lawful use, based on standards of
fairness and responsibility. Section 4 will propose a taxonomy of lawful use that
consolidates the EU copyright acquis on lawful use.
2 T
he Emergence of the Concepts of the “Lawful User”
and “Lawful Use” in European Copyright Legislation
2.1 T
he Introduction of the Concept in the Software
and the Database Directive
The concept of “lawful user” made its first appearance in the Computer Programs
Directive.4 Under the Directive, only the “lawful user” is entitled to enjoy the excep-
tions to the right holder’s copyright monopoly over the computer program.
The Directive has introduced the concept, but paradoxically does not establish a
clear terminology and does not use an identical term for defining the person who is
entitled to enjoy the exceptions. In this context, the term “lawful acquirer of the
program” or descriptive definitions such as the “person having a right to use the
computer program” or the “person having a right to use a copy of a computer pro-
gram” are used indiscriminately to determine the person who can lawfully invoke
the application of copyright exceptions.5
The concept reappears five year later in the Database Directive.6 In this context,
the person who can claim the application of the exceptions established by this
Directive is defined consistently as the “lawful user of a database”.
Although the two Directives do not use the same term, the meaning of the con-
cept in both Directives has to be perceived as identical. Indeed, all the terms corre-
spond to a sole entity that can be globally defined as the “lawful user”. This approach
is also dictated by practical reasons. It is the only one that is consistent with the
technological reality of co-existence of electronic databases and computer programs
in the same medium.
This interpretation seems to be implicitly confirmed by the Report published by
the Commission on the implementation and effects of Directive 91/250/EEC on the
4
Council Directive 91/250/EEC of 14 May 1991 on the legal protection of computer programs, OJ
L 122, 17.5.1991, pp. 42–46. The Directive has meanwhile been codified. See: Directive 2009/24/
EC of the European Parliament and of the Council of 23 April 2009 on the legal protection of
computer programs (Codified version) OJ L 111, 5.5.2009, pp. 16–22.
5
Synodinou (2010).
6
Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal
protection of databases, OJ L 77, 27.3.1996, pp. 20–28.
30 T.-E. Synodinou
legal protection of computer programs.7 As stated in the Report, Articles 6 and 8 of

the Database Directive (Directive 96/9/EC), which use the term “lawful user”, were
modelled along the lines of Article 5 (1) of the Computer Programs Directive. In any
case, since the CJEU has not expressly dealt with this question, the issue will have
to be addressed in a future consolidation or codification of the EU copyright acquis.
From a copyright policy point of view, the introduction of the concept of “lawful
user” constitutes the expression of a new perception of the delimitation of copyright
monopoly. It is the first time ever that the individualised entity of the user of
copyright-protected works is recognised as an autonomous subject who is entitled
to exercise certain legal prerogatives in the form of mandatory copyright exceptions.
Indeed, the introduction of the concept of “lawful user” carries great symbolism, but
it would have remained a purely theoretical advance if the lawful user’s capacity to
enjoy the use of copyright-protected works was not safeguarded or guaranteed.
Another original feature of both Directives is that they establish some of the excep-
tions in favour of lawful users as mandatory. Article 9 of Directive 91/250/EC states
that any contractual provisions that limit or abrogate the right to create a back-up
copy of a computer program, to observe, study and test the program and to decom-
pile the program to achieve interoperability shall be considered as null and void.8
Article 15 of Directive 96/9/EC also declares the binding nature of some exceptions.
Any contractual provision contrary to Articles 6 par. 1 and 8 of the Directive shall
be treated as null and void.
This has a specific significance in terms of determining their legality. Assigning
a mandatory nature to exceptions or limitations to copyright injects a new perspec-
tive into copyright exceptions. This development could be seen as an indirect recog-
nition of the category of “user rights” as an essential counterbalance to copyright
protection. Thus, in addition to the concept of “lawful use”, a new category of “legal
prerogatives” also emerges: the “rights of the lawful user”.
The emergence of the concept of “lawful user” in two Directives concerning the
protection of information assets is not accidental. This is consistent with the con-
tractual reality of transactions involving information goods. The legal terminology
is strongly influenced by the contractual arrangement that presupposes at least two
distinct parties: the creditor and the debtor. Computer programs and electronic data-
bases are mostly distributed through preformatted, standard and non-individualised
licences that lay down their terms of use, in very precise and restrictive detail, and
impose very broad and detailed obligations on the licensee. In this context, the
abstract notion of the “public” is replaced by the more specific concept of a particu-
lar entity that has the right to use the computer program or the database: the “lawful
user”. In parallel, the almost total pre-eminence of the contract as the legal instru-
ment regulating the terms of use of information goods has highlighted the need to
legally guarantee a minimum space of free use within the contractual perimeter of
restricted uses. This was achieved by the legal recognition of “the rights of the law-
ful user”.
7
Report from the Commission to the Council, the European Parliament and the Economic and
Social Committee on the implementation and effects of Directive 91/250/EEC on the legal protec-
tion of computer programs, Brussels, 10.04.2000 COM (2000) 199 final.
8
See article 8 of Directive 2009/24/EC (codified version of Directive 91/250), (supra n. 3).
More broadly, determining a distinct legal subject of such rights, the person of
the “lawful user”, who can claim the application of copyright exceptions and recog-
nition of the exceptions as “legal prerogatives” of the lawful user that cannot be
overridden by the contractual will, has irreversibly marked the advent of a more
active approach in relation to copyright exceptions in EU copyright law. Indeed, one
of the most controversial issues of modern copyright law is that of determining the
legality of the exceptions to copyright law. Do they grant copyright users a simple
legal right to act that is based on permissive legal rules or do they grant real enforce-
able rights? Directive 2001/29 did not reply to this question. An approach favouring
a general prevalence of copyright exceptions over contractual clauses emerged in
the Verwertungsgesellschaft Wort (VG Wort) cases,9 where the CJEU appears to sup-
port the view that Member States generally have a choice over whether to allow
exceptions to be overridden by, limited by, or be otherwise dependent on contract
terms. However, where contract or licence terms are not expressly allowed by
domestic copyright laws to limit the scope of an exception, the default position is
that the exception will prevail over any rights holder authorisation.10 Whether this
approach would become a prevailing principle in European copyright law remains
to be seen. In domestic copyright laws, the way exceptions are dealt with could be
used as an indicator of their legality.11 However, the way these exceptions are for-
mulated must be combined with other elements, such as the dominant philosophy
regarding the place of the author and the justification of copyright law in each spe-
cific national legal tradition.12 Furthermore, particular significance should be given
to the degree of recognition in every legal tradition of the principles of freedom of
contracts and of the autonomy of the parties, and to the philosophical and legal
justification of each separate exception.13
In conclusion, the emergence of the concept of the “lawful user” and of the
“rights” of the lawful user represents a significant step towards a more balanced
calibration of interests in European copyright law, since for the first time, the posi-
tion of the user as an individualised subject of “rights” is being officially recog-
nised. On the other hand, this evolution is also characterised by a paradox. For the
9
CJEU, Verwertungsgesellschaft Wort (VG Wort) v Kyocera and Others (C-457/11) and Canon
Deutschland GmbH (C-458/11) and Fujitsu Technology Solutions GmbH (C-459/11) and Hewlett-
Packard GmbH (C-460/11) v. Verwertungsgesellschaft Wort (VG Wort), ECLI:EU:C:2013:426.
10
See par. 37 of VG Wort, op. cit.: “Where a Member State has decided, pursuant to a provision in
Article 5(2) and (3) of Directive 2001/29, to exclude, from the material scope of that provision, any
right for the rightholders to authorise reproduction of their protected works or other subject-mat-
ter, any authorising act the rightholders may adopt is devoid of legal effects under the law of that
State.”
11
Caron (2006), p. 273.
12
According to Lucas A, while the author-centred approach of French copyright law is not compat-
ible with the recognition of the exceptions and limitations to copyright as “rights”, in other copy-
right systems where the mechanism of balancing of rights is accepted the recognition of exceptions
as user rights should not be rejected. See Lucas et al. (2017), p. 356.
13
Geiger (2004), p. 121; Dusollier et al. (2000).
32 T.-E. Synodinou
first time ever, exceptions that take the legal form of “users’ rights” are granted only
in favour of lawful users and not in favour of the public in general.
It is necessary, then, to opt for a flexible definition of these concepts, and not to
apply purely formalistic standards. It is noteworthy that this dynamic and open-
ended approach could operate not only as an enabling, but also as a restrictive,
method of interpretation, by promoting a prototype of lawful use that is formed on
the grounds of fairness and responsibility. Generally speaking, such flexibility is
necessary in modern EU copyright law, which has hitherto crystallised in the form
of strictly structured legal machinery with no room for openness. Indeed, as
Hugenholtz and Senftleben note: “Like any other structure of rulemaking, copyright
law must mediate between the maxims of legal security, which favors precisely
defined legal provisions that provide optimal predictability ex post, and of fairness,
which favors open and flexible legal concepts that allow a wide margin of judicial
appreciation ad hoc”.14 In this context, interpreting “lawful use” openly, in a way
that ensures that legal norms such as good faith, reasonableness and fairness are also
considered, will strengthen flexibility within copyright law. It will also promote a
prototype of use of copyright-protected works that will not be exclusively dictated
either by the private will of the right holders or, conversely, by the growing disre-
spect demonstrated by users in relation to copyright protection.
This “fair” prototype of lawful use, however, should not be left to the national
discretion of the Member States, but should be given a uniform meaning in European
copyright law instead. As we will show, the CJEU’s stance on the position of the
user appears to embrace such an approach.
2.2 “ Lawful Use” in the Temporary Copy Exception

Established by the Information Society Directive
In 2001, the adjacent concept of “lawful use” appears in the Information Society
Directive. The Directive does not define the lawful user as the sole beneficiary of
copyright exceptions. However, the mandatory temporary copy exception provided
for by Article 5 par. 1 presupposes either acts of reproduction whose sole purpose is
to enable transmission by an intermediary on a network between third parties, or
lawful use to be made of a work or other subject matter.
In this case, the “lawfulness” of the use is not directly assessed in relation to the
user’s status in the way it is in the Software and the Database Directives, but in rela-
tion to the purpose of the act of reproduction.15 The question, therefore, is whether
the concepts of “lawful user” and “lawful use” in the three Directives should be
understood as having a similar or analogous meaning and function.
14
Hugenholtz and Senftleben (2011).
15
Dussolier (2005), p. 449.
Indeed, the reference to the user’s status in the Software and the Database
Directives reflects the situation common at the time of the adoption of these
Directives, whereby the information asset (software, database) is acquired as a
product by an end-user. On the other hand, the reference to “lawful use” in the
Information Society Directive is broader and more technologically neutral, in the
sense that it aims to cover the provision of every copyright-protected work both as
a product and as a service that can lawfully access the work. In this context, it covers
temporary digital reproductions made by users, either when accessing a work of
mind via the Internet or by other means. For example, a licence to make photocopies
of a copyright-protected work might not expressly refer to the making of temporary
electronic copies of the document stored in the photocopier. In such a case, the tem-
porary copy exception of Article 5 par. 1 will permit the making of such electronic
copies as part of a lawful, authorised use.16 Furthermore, although lawful use in the
Information Society Directive refers to the act of reproduction, it would be some-
what inconsistent to assume that an act of lawful use (the making of a temporary
copy allowing lawful use) could be undertaken by a person who is not a lawful user.
As we shall see, it is essential that a uniform and flexible interpretation be given to
both concepts.
On the meaning of the concept of “lawful use”, Recital 33 of the Information
Society Directive defines “lawful use” broadly as any use that is authorised by the
right holder or not restricted by law. There are two alternative criteria for assessing
the “lawfulness” of use. Either such use is authorised by the right holder (either
expressly or implicitly if a work is made freely available through a website without
any terms and conditions governing its use) or it is not restricted by law. In that
sense, although it is not entirely clear, it appears that a use would be lawful if it is
based on a copyright exception or limitation17 or even on other legal grounds outside
the purview of copyright law. Consequently, while a use that relies on the right
holder’s authorisation is a lawful use, it is also possible to assess whether a use is
lawful, even without such authorisation, if the use relies on copyright exceptions
and limitations, provided that these exceptions have not been contractually forbid-
den, unless they are mandatory.
The CJEU was called upon to interpret the prerequisite of “lawful use” laid down
in Article 5 par. 1, in the Infopaq II, in the Football Association Premier League case
and in the recent Filmspeler case.
First, the Court adopted a broad construction of the concept of “lawful use”, with
reference to Recital 33 of the Information Society Directive.18 In Infopaq II,19 the
Court confirmed that specific authorisation by the copyright holder is not required
for asserting that the use is lawful. The Court held that the drafting of a summary of
newspaper articles, albeit not authorised by the copyright holders, was not restricted
16
Headdon (2011), pp. 15–18.
17
Van Eechoud et al. (2009), p. 116.
18
Seville (2016), p. 75.
19
CJEU, Infopaq International A/S v Danske Dagblades Forening, Case C-302/10, Order of the
Court of 17 January 2012, ECLI:EU:C:2012:16, par. 44 and 45.
34 T.-E. Synodinou
by the applicable legislation and the use could not be deemed unlawful. Similarly,
in its judgment of 4 October 2011 in Football Association Premier League,20 the
Court was called upon to analyse whether the temporary copy exception could
apply to ephemeral acts of reproduction taking place upon the mere reception of
satellite broadcasts by television viewers. It held that the picking up of such broad-
casts and their visual display in a private circle did not constitute an act restricted by
legislation and that such reception was to be considered lawful in the case of broad-
casts from a Member State, when brought about by means of a foreign decoding
device.
On the other hand, in the recent Filmspeler case,21 the CJEU affirmed that the
temporary copy exception permitted by Article 5 par. 1 of the InfoSoc Directive
cannot be relied on by users of Kodi boxes, and thus of multimedia players on which
there are pre-installed add-ons, which modify the settings and allow the Kodi box
user to have access to private servers on which copyright-protected works have been
made available to the public without the right holders’ consent. Even if the content
is streamed to the device, a technical and temporary copy of the work is still held in
the device’s memory. The CJEU firmly rejects the application of the exception of
temporary reproduction, since it is clear that these settings do not correspond to a
lawful use. On the contrary, these temporary reproductions on multimedia players
are made in the course of a clearly illegal use, since the users of such devices are
deliberately accessing a free and unauthorised database of protected works.22
Therefore, the users of the device are not lawful users and they are also infringing
copyright law, because no copyright exception can be invoked in their favour in rela-
tion to the reproductions made. This is in line with the finding of the CJEU in the
seminal ACI Adam case,23 where it was held that it would be impossible for users to
invoke the private copy exception for copies made from an unlawful source.
Consequently, EU law must be interpreted as precluding national legislation that
does not distinguish the situation in which the source from which a reproduction for
private use is made is lawful, from that in which that source is unlawful.
From the above, it appears that the CJEU has opted for a flexible definition of the
notion of “lawful use” based on the equally broad formulation of Recital 33 of the
Information Society Directive, in the sense that a lawful use could also be any use
that is not restricted by law, and therefore any use that can rely on copyright excep-
tions. However, as the Filmspeler judgment shows, the assessment made of the
“lawfulness” of use on the grounds of a copyright exception is holistic, in the sense
20
CJEU, Football Association Premier League Ltd and Others v QC Leisure and Others (C-403/08)
and Karen Murphy v Media Protection Services Ltd (C-429/08), ECLI:EU:C:2011:631, par. 170 to
172.
21
CJEU, Stichting Brein v Jack Frederik Wullems, Case C-527/15, Judgment of 26 April 2017,
ECLI:EU:C:2017:300.
22
Stichting Brein v Jack Frederik Wullems, ibid, par. 69.
23
CJEU, ACI Adam BV and Others v Stichting de Thuiskopie and Stichting Onderhandelingen
Thuiskopie vergoeding, Case C-435/12, Judgment of 10 April 2014, ECLI:EU:C:2014:254.
that the status of the user’s knowledge in relation to the lawfulness of the source of
the copy of the work, which is accessed and used, is also considered.
2.3 T
he Various Shades of Lawfulness in EU Copyright Law:
“Lawful Use” and “Lawful Access” in the Digital Single
Market Copyright Package
The concept of “lawfulness” is also present in the Directive on Copyright in the

Digital Single Market. Specifically, “lawful access” to works or other protectable
subject-matter is a prerequisite for enjoyment of the text and data-mining (TDM)
exception.24 The prerequisite of “lawful access” is not a novelty in the Digital Single
Market Package, since Article 6 (4) of the Directive 2001/29 referred to the neigh-
bouring concept of “legal access”.25
When referring to “lawful access” as a condition for enjoyment of the exception,
the text follows the model of the UK text on the data-mining exception26 and not the
criterion set in the French text on the data-mining exception,27 which covers repro-
ductions from “lawful sources” (material lawfully made available with the right
holders’ consent).28
The text of the Directive does not define what “lawful access” is. However, some
indications are to be found in Recital 14 of the Directive, where it is explained that
lawful access to copyright-protected content occurs when researchers have access
through subscriptions to publications or open-access licences. Furthermore, it is
stated that lawful access could be based on subscriptions, but also on other lawful
means. For instance, in the case of subscriptions taken by research organisations or
cultural heritage institutions, the persons attached there to and covered by those
subscriptions should be deemed to have lawful access. Lawful access should also
cover access to content that is freely available on line. Since the wording is different
from that of the Software, the Database and the Information Society Directives, the
24
Directive EU 2019/790 of the European Parliament and of the Council of 17 April 2019 on copy-
right and related rights in the Digital Single Market and amending Directive 96/9/EC and 2001/29/
EC, OJ L 130, 17.5.2019, p. 92–125.
25
“6. 4. Notwithstanding the legal protection provided for in paragraph 1, in the absence of volun-
tary measures taken by rightholders, including agreements between rightholders and other parties
concerned, Member States shall take appropriate measures to ensure that rightholders make avail-
able to the beneficiary of an exception or limitation provided for in national law in accordance
with Article 5(2)(a), (2)(c), (2)(d), (2)(e), (3)(a), (3)(b) or (3)(e) the means of benefiting from that
exception or limitation, to the extent necessary to benefit from that exception or limitation and
where that beneficiary has legal access to the protected work or subject-matter concerned”.
26
Copyright, Designs and Patents Act 1988, § 29A (UK).
27
Art.38 of the Law No. 2016-1231 of for a Digital Republic added paragraph 10 to Art.L122-5 and
paragraph 5 to Art. L 342-3 of the Intellectual Property Code (Code de la propriété intellectuelle,
CPI).
28
Geiger et al. (2018), p. 17.
36 T.-E. Synodinou
nature of the relationship between “lawful access” and “lawful use” is not clear at
first sight.
First, the two concepts could be differentiated chronologically. Accordingly,
lawful access should be differentiated from lawful use, since lawful access refers
only to an initial access to the work from a lawful source, whereas the term “lawful
use” is broader, as it appears to cover both the initial access to the work and also all
uses made subsequent to the initial access. Thus, “lawful access” to the work is a
first checkpoint of the lawfulness of the subsequent user’s acts. The underlying idea
is that there cannot be lawful use of the work or the database without initial lawful
access to it.
On the other hand, it could be also argued that lawful access and lawful use
should be perceived as the necessary complementary steps accompanying the act of
use as a whole. In this sense, “lawful use” would encompass both access to the work
and also all uses made of it, either simultaneously or subsequently to access to it.
This approach has two advantages. Firstly, it consolidates the various existing ter-
minologies found in the piecemeal EU copyright legislation (lawful acquirer,29 per-
son having a right to use a computer program,30 lawful user,31 lawful use,32 legal
access,33 lawful access34). Secondly, instead of evaluating the lawfulness of the
user’s acts in two steps (access, other uses), it promotes a holistic approach to the
lawfulness of users’ acts that, as will be demonstrated, could allow more flexibility,
but also injects an element of responsibility on the users’ acts involving copyright-
protected works.
Certainly, the existence in EU copyright law of divergent perceptions of the law-
fulness of users’ acts is perplexing. The lack of a clear EU definition of the terms
“lawful user”, “lawful use” and lawful or legal access make an assessment of the
possibility of invoking these copyright exceptions, where these terms are employed,
and, generally of the lawfulness of the users’ acts, dependent on a mosaic of possi-
ble interpretations. This inconsistency was criticised by Trialle and de Meeus
d’Argenteuil in their study of the legal framework of text and data mining, where it
was noted that, to avoid the confusion and controversies associated with the inter-
pretations of the terms “lawful use” and “lawful user”, it would be preferable in the
text and data-mining exceptions to refer to the expression “lawful access”.35 In our
view, however, instead of retaining the confusion by adding divergent special condi-
tions of lawfulness for specific copyright exceptions, it would have been preferable
to clarify and consolidate the existing EU acquis on “lawful use” and “lawful user”
by establishing a clear definition and taxonomy of lawful use, which also incorporates
29
Article 5 (1) of Directive 91/250/EEC.
30
Article 5 (3) of Directive 91/250/EEC.
31
Articles 6, 8 and 9 of Directive 96/9/EC.
32
Article 5 (1) of the Directive 2001/29.
33
Article 6 (4) of the Directive 2001/29.
34
Recitals 10, 14, 18 and Articles 3 and 4 and of the Directive on Copyright in the Digital Single
Market.
35
Triaille et al. (2014), p. 110.
the criterion of lawful access/lawful source. In this context, it would also have been
preferable to use the term “lawful use” in the text on the data-mining exceptions,
since the latter has been broadly defined and consolidated in CJEU case law, at least
as regards the temporary copy exception established by the Information Society
Directive.36
It is also noteworthy that the text on the data-mining exception is jus cogens, in
the sense that any contractual provision contrary to that exception will be unen-
forceable. The guarantee covering the exception against contractual clauses cer-
tainly strengthens the position of users who can enjoy the exception as a reinforced
legal prerogative akin to a “user right”. This is also in line with the reasoning of the
Software and the Database Directives, where only “lawful users” can enjoy copy-
right exceptions. However, conversely, this stance also embodies a more restrictive
approach to enjoyment of the exception, since, as the European Copyright Society
has pointed out, it makes the exception subject to private ordering. Indeed, the
exception can effectively be denied to certain users by a right holder who refuses to
grant “lawful access” to works or who grants such access on a conditional basis
only.37 Thus, the concept will act restrictively if the condition of “lawful access” is
interpreted in such a way that it will always depend on the terms of a contract or
licence. Therefore, although a researcher could not invoke the specific TDM excep-
tion to bypass technical protection measures, it should also be made clear that where
data is available on a website without any restriction, data analysis performed on
such data is presumed to be performed with lawful access.38
In this context, it is welcome that the Recital 14 of the new Copyright Directive
provides expressly that access to content that is freely available on line is deemed to
be lawful. The Digital Single Market Copyright Package also introduced another
mandatory copyright exception in the Portability Regulation,39 which entered into
force in April 2018. Specifically, Article 3(1) introduces an obligation for an online
service provider to enable a subscriber to access and use the online content service
when temporarily present in other Member States. Furthermore, Article 5 provides
that any contractual provisions, including those existing between holders of copy-
right and related rights, parties holding any other rights relevant to the use of content
in online content services and service providers, as well as between service provid-
ers and subscribers, which are contrary to Articles 3(1) and 4, shall be unenforce-
able. Although it is not expressly classified as a “lawful user’s right”, the obligation
of portability established by the Regulation takes the form of a personal right in
favour of a user/consumer. Indeed, the portability privilege presents the two essen-
tial features of a lawful user’s right. Firstly, it is not established generally in favour
of the public, but in favour of a specific and distinct legal subject: the
36
Geiger et al. (2018) op. cit.
37
European Copyright Society (2017).
38
Triaille et al. (2014) op. cit., p. 110.
39
Regulation (EU) 2017/1128 of the European Parliament and of the Council of 14 June 2017 on
cross-border portability of online content services in the internal market OJ L 168, 30.6.2017,
pp. 1–11.
38 T.-E. Synodinou
subscriber-consumer of an online content service who, based on contract with a

provider for the provision of an online content service, may lawfully access and use
such a service in his Member State of residence. Secondly, like the software and
database lawful user’s rights and the text and data-mining exceptions, portability is
fully guaranteed against opposing contractual terms and cannot be overridden by
the contractual will.40
Nonetheless, unlike the concept of “lawful use” in the Information Society
Directive, the concept of the “lawful user” who can claim the portability right is
defined narrowly in the Portability Regulation as the subscriber to the online content
service. Consequently, the only beneficiaries of the portability privilege are persons
who have been contractually granted the right to use the service. This is also
explained in Recital 15 of the Portability Regulation. According to this provision,
“This Regulation should apply to online content services that providers, after hav-
ing obtained the relevant rights from right holders in a given territory, provide to
their subscribers on the basis of a contract, by any means including streaming,
downloading, through applications or any other technique which allows use of that
content. For the purposes of this Regulation, the term contract should be regarded
as covering any agreement between a provider and a subscriber, including any
arrangement by which the subscriber accepts the provider’s terms and conditions
for the provision of online content services, whether against payment of money or
without such payment. A registration to receive content alerts or a mere acceptance
of HTML cookies should not be regarded as a contract for the provision of online
content services for the purposes of this Regulation”.
The restrictive definition of “lawfulness” in this case corresponds to the reality of
the transactions associated with such services, which are normally provided against
payment. In this context, the entire edifice of the portability mechanism is modelled
on the case where a subscription contract exists, and therefore all the necessary
checks on the user’s Member State of residence are based on information provided
through the subscription contract. Consequently, the concept of “lawfulness” takes
on a very specific meaning and has to be distinguished from the broader concept of
“lawful use” contained in the Software, Database and Information Society
Directives, and the analogous notion of “lawful access” that appears in the text and
data-mining exceptions.
3 Who Is a Lawful User?
From the above, it is clear that although European legislation has not opted for a
uniform terminology, the concepts of “lawful user”, “lawful use” and “legal
access”/“lawful access” are part of the EU copyright law acquis. Although the con-
cepts of lawful access or lawful use are not to be confused with the concept of
40
Synodinou (2016), p. 14.
lawful user, since in the latter case lawfulness is attached to the person and not to the
act, all of these concepts are based on the same conceptual core: lawfulness.
It is not clear what lawful use/access is and who is a lawful user, since neither the
EU legislator nor the CJEU have provided a definition for them.
In the following paragraphs, the dominant interpretations of these concepts will
be examined (Sect. 3.1), while the various forms of a consistent definition of “law-
ful use” will also be analysed (Sect. 3.2).
3.1 T
he Controversy Surrounding the Concept of “Lawful
User”
Some of the key elements in the process of demarcating the concept of a “lawful
user” are: establishing how it is possible to become a lawful user (positive defini-
tion) and cases in which the end-user is not a lawful user (negative definition).41
Three focal interpretations in relation to the concept of “lawful user” have been
advanced in the doctrine.42
According to the first one, a lawful user is any person who has acquired the right
to use a work, either on the basis of a contract, such as a licence, or on other legal
grounds, such as on the basis of the legal exceptions to copyright or thanks to the
principle of exhaustion of the right of distribution.43 Thus, if a copy of the computer
program or the database was sold in the EU by the right holder or with his consent,
any subsequent buyer, hirer (if rental was authorised by the copyright holder) or
borrower (if lending was authorised by the right holder or if the national legislation
provides only a remuneration right for public lending) is a lawful user.44 This broad
definition encompasses not only every use which is based on lawful acquisition of
the computer program and the database, but also every use which can be justified
based on other legal grounds, either inside or outside the perimeter of copyright law.
Broadly speaking, a lawful user would be a person who has obtained the copy of the
work or the right to use the work, without infringing copyright laws.45 Thus, even if
the right owner does not agree to the use of the work, a user may also become a law-
ful user based on acts permitted by law, such as through limitations and excep-
tions.46 Therefore, lawful use exists whenever the right of use is acquired through a
contract, regardless of its type, and whenever the use is not prohibited by law.
This thesis presents significant advantages. For example, by basing the existence
of lawful use not only on contracts but also on other legal grounds, it provides a
41
Vanovermeire (2000), p. 65.
42
See on this issue: Vanovermeire (2000), pp. 63–81; Derclaye (2008), p. 120 et s.; Dusollier
(2005), pp. 17–20.
43
Koumantos (1997), pp. 78–137; Dusollier (2005), p. 18.
44
Blocher and Walter (2010), p. 727.
45
Ibid.
46
Von Lewinski (2010), p. 727.
40 T.-E. Synodinou
guarantee for freedom of expression and the free exchange of information and ideas.
Indeed, the obligatory condition of the existence of contractual authorisation in
ascertaining the existence of lawful use could seriously jeopardise the fundamental
principle of Article 10 of the European Convention on Human Rights.47 This
approach is also consistent with the broad definition of the concept of “lawful use”
that appears in Recital 33 of the Information Society Directive, which deems lawful
any use authorised by the right holder or not restricted by law.
However, using a second interpretation, the existence of lawful use presupposes
the need for a special agreement on concession of use (a licence).48 This thesis is
based on a restrictive interpretation of Recital 34 of the Database Directive, which
provides that “once the right holder has chosen to make available a copy of the
database to a user, whether by an on-line service or by other means of distribution,
that lawful user must be able to access and use the database for the purposes and in
the way set out in the agreement with the right holder”. This interpretation has the
advantage of legal certainty. However, it is particularly constricting, since it embod-
ies a logic of absolute control of the use of copyright-protected works and of copy-
right exceptions established by the private will. Furthermore, it could be argued that
the prerequisite of a contract primarily reflects the conditions of access to online
databases and, in this context, it should not be applied to the assessment of lawful-
ness in other cases, such as that of software, where lawful acquisition can also
depend on other legal bases, such as the law of succession. Nonetheless, it would be
preferable to avoid a fragmentation of the concept of lawful use and to adopt a com-
mon understanding of it both in the Software and the Database Directive,49 and in
the Information Society Directive and subsequent EU legislation.
Finally, according to an intermediate position between these two interpretations,
the concept of “lawful user” used by the Database Directive should be aligned with
the concept of the “lawful acquirer” established by the Software Directive.
Consequently, the basis for lawful use is the lawful acquisition of the software or the
database, on the grounds of a licence or other type of contract.50
From the above, it appears that various doctrinal interpretations exist of who is
to be considered as a lawful user. This is understandable, because there are variant
forms of “lawful use” and diverse categories of “lawful users”. While legal certainty
could be better promoted if lawful use is based exclusively on a contract, this
approach appears restrictive and cannot effectively consider the position of copy-
right law within the wider legal ecosystem. In this context, it is necessary to elabo-
rate a comprehensive definition of the concepts of “lawful use” and “lawful user”
that is based on the first theory.
Accordingly, a lawful user is prima facie any person who has acquired the right
to use a work, either based on contract, such as a licence, or on other legal grounds
47
Vanovermeire (2000), p. 67.
48
Koumantos (1997), op. cit.
49
In favour of such an approach: Gaster (1996), pp. 38–39; Buydens (1997), pp. 335, 342;
Grosheide (2002).
50
Derclaye (2014), p. 334.
either inside or outside the perimeter of copyright law. Thus, broadly speaking,
“lawful use” could be understood as a use made either with the right holder’s con-
sent or a use not restricted by law. However, this is only a starting point. This vague
delineation of lawful use might prove to be impracticable since it does not provide
guidance on how to assess lawfulness of use in specific cases. The flexible concep-
tual matrix of lawful use should be accompanied by an indicative list of categories
of lawful use. Furthermore, the horizontal definition in EU copyright law and the
accompanying taxonomy of lawful use should be based on principles of natural
justice, both in the sense of flexibility (Sect. 3.2) and of responsibility (Sect. 3.3).
3.2 Flexibility as a Necessary Component of “Lawful Use”
Natural justice considerations are represented in private law mainly through abstract
legal principles and concepts, such as fairness and good faith.51 The employment of
standards based on this principle is not completely unknown in copyright law. In
this context, Article 5. 2 (d) of the Directive 2001/29 refers to “fair practice” as a
criterion for the application of the exception of quotation.52
The application of these principles in the assessment of lawful use has the poten-
tial to act as a necessary balancing tool, by bringing the exercise of copyright law
closer to the legitimate expectations of the author or other right holder and the user.
In this context, good faith and analogous mechanisms would be seen as a means of
contractual proportionality, which would lead to fairness and prevent the abuse of
rights.53
Good faith in civil law jurisdictions,54 either seen as a “principle of construction”,55
as an “implied obligation”56 or as a “behavioural norm”57 would have a pivotal role
in the assessment of lawful use based on a contract or licence. Similarly, good faith
and analogous notions and legal mechanisms in common law jurisdictions, such as
“unfairness”, the “duty of honest performance”, the “reasonable expectations of the
51
According to Ghestin, good faith is a means to achieve an ideal of justice in contracts: Ghestin
(1982).
52
According to this provision “2. Member States may provide for exceptions or limitations to the
reproduction right provided for in Article 2 in the following cases: …. (d) quotations for purposes
such as criticism or review, provided that they relate to a work or other subject-matter which has
already been lawfully made available to the public, that, unless this turns out to be impossible, the
source, including the author’s name, is indicated, and that their use is in accordance with fair
practice, and to the extent required by the specific purpose;’ See also, Article 10 (1) of the Berne
Convention for the Protection of Literary and Artistic Works (as amended on September 28, 1979).
53
For the justification of good faith based on contractual proportionality, see: Munukka (2005),
pp. 229–250.
54
See: Mackaay (2012), pp. 149–177.
55
Peden (2002), p. 246.
56
Peden (2009), p. 61.
57
Rolland (1996), p. 384.
42 T.-E. Synodinou
parties”, “honesty”, “reasonable results”, “fair framework”, the de minimis rule or

estoppel58 could be used for a non-formalistic assessment of lawful use”.59
This would entail interpreting the licence or the contract broadly in accordance
with the aim of the contract. For instance, depending on the legal tradition in ques-
tion, such a flexible interpretation could encompass the recognition of implied terms
stemming from the well-established principle of good faith in civil law jurisdic-
tions. In this context, it could even be argued that the notion of lawfulness is by its
very nature contingent on the notion of good faith. Similarly, but also more reluc-
tantly, in common law jurisdictions, the application of analogous principles apply-
ing to the interpretation of contracts could lead to the recognition of implied terms
enabling a use to be construed as lawful, provided that the user can demonstrate that
the licence or contract would lack commercial or practical coherence without it.60
For example, uses that are justified by the existence or aim of the contract could be
those that are not explicitly prescribed by concrete contractual terms, but could be
deduced by interpreting the contract in accordance with the implied will of the par-
ties and in accordance with the continental law principle of good faith,61 or the com-
mon law principle of “unfairness” or “fair and open dealing”,62 such as use of
lawfully acquired employer’s software by an employee within the framework of his
duties stemming from the contract of employment.63 Conversely, the principle of
good faith would prevent that use being regarded as lawful if the user does not liter-
ally circumvent technical protection measures (TPM) controlling access to a web-
site, but bypasses the terms of use by alternative means. For instance, in the case of
websites which have implemented a system that blocks repeated queries (i.e.
58
Zimmermann (2001), p. 172.
59
For a comparative analysis, see: Forte (1999); Collins (1994), pp. 229–254; Munukka (2005).
See also: Beatson and Friedman (2002).
60
See: Marks & Spencer Plc v BNP Paribas Securities Services Trust Company (Jersey) Ltd [2015]
UKSC 72. See also: Yam Seng Pte Ltd v International Trade Corp Ltd [2013] EWHC 111 (QB),
where Leggatt J held that “English law should recognise an implied duty of good faith and fair
dealing in contract performance, the content of which would depend on the context of the case.”
For an analysis of the principle in common law, see: Tan (2016), pp. 420–446; Hoskins (2014),
p. 131; Trakman and Sharma (2014), p. 598; Arden (2013), p. 199. For the complementary rela-
tionship between honesty and reasonableness, see: First Energy (UK) Ltd v Hungarian International
Bank Ltd [1993] 2 Lloyd’s Rep 194 CA (Civ Div) at 196, where Lord Stern noted: “Undoubtedly,
good faith has a subjective requirement: the threshold requirement is that the party must act hon-
estly. But good faith additionally sets as an objective standard the observance of reasonable com-
mercial standards of fair dealing in the conclusion and performance of the transaction
concerned”.
61
The principle of good faith is set as a rule of behaviour, in Art. 1:202 (1) of the European
Principles of private law: ‘Each party must act in accordance with good faith and fair dealing’ and
as a rule of interpretation of the law, in Art. 1:106 (1): ‘These Principles should be interpreted and
developed in accordance with their purposes. In particular, regard should be had to the need to
promote good faith and fair dealing, certainty in contractual relationships and uniformity of appli-
cation’. For the analysis of the principle of good faith in European Contract Law, see: Zimmermann
and Whittaker (2000); Storme (2003).
62
See: Iterfoto Picture Library Ltd v Stiletto Visual Programmes Ltd [1989] QB 433.
63
Synodinou (2010), (supra n. 1).
c rawling) from the same IP addresses to avoid repeated extraction of the content of
the website, if a user creates a large number of virtual IP addresses to access the data
and download them, he or she would be acting in bad faith and should not be con-
sidered as a “lawful user64”.
Evaluating the concept of “lawful user” based on the principles of good faith and
fairness assigns a dynamic nature to the concept of “lawful user” and serves two
purposes. As well as guaranteeing a necessary degree of elasticity in interpreting the
concept of “lawful user”, it could also operate as a restraint and as a general clause
for controlling the “lawfulness” of the user’s behaviour. In fact, defining the lawful
user only based on specific legal grounds (legal provisions, specific contractual
terms) entails the risk of condemning the concept to remain static. This might lead
to the erroneous conclusion that having legal access to a copyrighted work for the
first time or the initial lawful acquisition of a copy of a work is the sole criterion
used in evaluating the existence of lawful use. On the other hand, initial lawful
access to the work or acquisition of a copy of it is not sufficient to ascertain the
lawfulness of use further down the line, since an initial lawful user may act unlaw-
fully at a later stage.
Thus, considering these principles could be used not only to broaden the concept
and to avoid unjust effects, but it could also function in the opposite direction as an
inner restriction on lawful use itself. In fact, good faith and fair practice could be
used as criteria to judge whether lawful use really is lawful or whether it still remains
lawful. In this framework, the bad faith of a prior lawful user should be construed as
a situation of “abuse of rights” and should lead to the loss of the capacity of “lawful
user”. This in turn would result in losing the option of invoking the rights of the
lawful user under certain specific circumstances. This is an example of a so-called
“limitative function” of good faith.65 Thus, a lawful acquirer—such as a purchaser
of a copy of a software package who stores a back-up copy of the software on an
insecure server to which everyone has unrestricted access, is offering, either inten-
tionally or by negligence, other users of the server the possibility to reproduce the
program. This user is violating the principle of good faith and abusing the right to
make a back-up copy of the program, and could also be deemed to be in breach of
his duty of care. Consequently, even if the initial lawful acquisition of the copy of
the computer program has made him a lawful user, his use could still not be consid-
ered as lawful in these specific circumstances.
Nonetheless, the application of these norms will necessarily depend very much
on each national legal tradition. In this context, the lawfulness of use could be clas-
sified differently in civil law jurisdictions, where the concepts of good faith and
reasonableness are pervasive general principles, and in common law jurisdictions,
where there is no overarching general principle or duty of good faith or “reasonable-
ness and fairness”.66
64
For this example, see: Triaille et al. (2014), (supra n. 35) p. 74.
65
For a doctrinal distinction of the functions of good faith, see: Masse (1994), pp. 224–227.
66
Breedveld-de Voogd et al. (2016), p. 49.
44 T.-E. Synodinou
In light of the above, it is essential for these norms to be assigned a specific

meaning in relation to the use of copyright-protected works in European copyright
law, as part of the delimitation of the concept of “lawful user” as an autonomous
notion of European copyright law.
3.3 R
esponsibility as an Implicit Standard of “Lawful Use”
in CJEU Case Law
As has already been demonstrated, the concept of “lawful user” was expressly rec-
ognised in sectoral EU copyright law Directives (the specific cases of software and
databases) and the temporary copy exception of the Information Society Directive,
while the adjacent concept of “lawful access” is a criterion for enjoyment of the text
and data-mining exceptions in the Directive on copyright in the Digital Single
Market. However, the appearances of these concepts are sporadic and inconsistent.
In this context, although the emergence of “lawful use” has a significant symbolic
value, it still remains marginal in EU copyright legislation.
Even so, the CJEU seems to have taken on the task of implicitly expanding and
further elaborating the concept. As will be shown in this section, the principles
established by the CJEU show the way to delineating a standard of user’s responsi-
bility as part of the assessment of “lawful use”.
Firstly, in the seminal ACI Adam case,67 the CJEU affirmed that the benefit of the
private copy exception concerns only reproductions made from “lawful sources”.
As the Court stated, to accept that such reproductions may be made from an unlaw-
ful source would be to encourage the circulation of counterfeited or pirated works,
thus inevitably reducing the volume of sales or of other lawful transactions relating
to the protected works, with the result that a normal exploitation of these works
would be adversely affected.68 The Court takes a firm stance and considers that the
private copy exception cannot be applied under EU copyright law, basing its argu-
mentation solely on the unlawful nature of the source, which is interpreted by refer-
ence to the three-step test. The CJEU does not give a precise definition of what
constitutes an “unlawful source”, but bases its argumentation mainly on the three-
step test. In this context, the prerequisite of the lawful source is emancipated from
the specific private copy context and takes on a broader dimension. Since it is not
strictly linked to the private copy exception, the same reasoning could apply to all
copyright exceptions. This could imply that only lawful users can claim the applica-
tion of copyright exceptions.69
It is noteworthy that the assessment of “lawfulness” is strictly linked to the
source of the copy and does not consider the end-user’s knowledge in relation to the
67
CJEU, ACI Adam BV and Others v Stichting de Thuiskopie, Stichting Onderhandelingen
Thuiskopie vergoeding, Case C-435/12, Judgment of 10 April 2014, ECLI:EU:C:2014:254.
68
Ibid, par. 39.
69
Lucas et al. (2017), p. 390, n. 400.
unlawfulness of the source of the copy. As a result, end-users cannot claim applica-
tion of the private copy exception for illegal downloads. The CJEU does not take its
reasoning further and officially declare that end-users are not lawful users and are,
therefore, copyright infringers. Nonetheless, this is implied, although for practical
reasons and due to privacy concerns, individual users who download material from
unlawful sources are not expected to face legal action.70
However, in the subsequent Copydan judgment,71 the CJEU was more explicit
regarding the conditions governing the “lawful source”. In the Court’s view, the
focal point for assessing the lawfulness of the source is the right holder’s consent.
As the Court stated, reproductions made using unlawful sources are those which are
made from protected works that are made available to the public without the right
holder’s consent.72 The lawfulness of their use (the making of a private copy in this
case) is therefore conditional upon the way the source of the copy was made avail-
able to the public. If the work was made available to the public with the right hold-
er’s consent, the source is lawful and its use by the end-user is lawful too. It will be
fairly straightforward to ascertain when the end-user acquired a copy of the work or
lawfully accessed the work as a service based on a licence/contract concluded
directly between the right holder and the user. There will however be some grey
areas if a work is made available without rights holders clearly indicating which acts
are authorised. Furthermore, the CJEU’s reasoning embodies a logic of exclusive
control of the uses of copyright-protected works and of copyright exceptions by
private ordering.
Based on the finding that the lawfulness of the source is assessed according to
whether the work was made available with or without the right holder’s authorisa-
tion, the CJEU further elaborated on the lawfulness of linking the activities of users
of copyright-protected works. Indeed, since the GS Media case,73 the prototype of a
“responsible linker” complements the CJEU’s previous stance in relation to “lawful
use” and to “unlawful sources”. In the GS Media case, the Court takes a further step
forward and sets the criteria governing an end-user’s liability for copyright infringe-
ment, and specifically for violation of the “making available right”. The confirma-
tion of the concept of “lawfulness” of the source in relation to the “making available
right” is a strong indication that this concept is recognised by the CJEU as having a
horizontal application, since it cuts across both the right of reproduction and the
right of communication to the public and also copyright exceptions. The Court’s
reasoning is divided into two parts. Firstly, an assessment is made as to whether the
work was made available with or without the right holder’s authorisation. If the
work was made available without the right holder’s consent, then the user’s liability
70
Quintais and de Leeuw (2014).
71
CJEU, Copydan Båndkopi v Nokia Danmark A/S, Case C 463/12, Judgment of 5 March 2015,
ECLI:EU:C:2015:144.
72
Ibid, par. 74.
73
CJEU, GS Media BV v Sanoma Media Netherlands BV and Others, Case C-160/15, Judgment of
8 September 2016, ECLI:EU:C:2016:644.
46 T.-E. Synodinou
depends on whether he knew or ought to have known that the work was made avail-
able without the right holder’s consent.
In the same way as a person who makes a private copy of a copyright-protected
work from an unlawful source, a person who provides a link to copyright-protected
content which has been made accessible without the right holders’ authorisation
cannot be considered as a lawful user of the work. In the CJEU’s reasoning, a linker
is not a lawful user of a copyright-protected work if that person knew or ought to
have known that the hyperlink he posted provides access to a work illegally placed
on the Internet. Specifically, for profit-making linking activities, that knowledge is
presumed.74 In so doing, the CJEU’s reasoning introduces elements of extra-
contractual liability law into the core of copyright law, and thereby significantly
alters the orthodox stance that copyright is established as an exclusive property
right, the infringement of which does not consider the mens rea of the infringer.75
Indeed, in the CJEU’s view, the question is no longer simply that of whether, objec-
tively speaking, an act of communication to the public occurred: the assertion of the
existence of the act itself is connected to subjective elements, such as the intention,
and the potential infringer’s direct or constructive knowledge. This change is neces-
sary in the online environment, where it is not possible for end-users who do not
have a direct contractual relationship with the right holder to investigate and safely
prove that the work is being made available to the public without the author’s con-
sent. The end-user’s constructive knowledge has to be assessed with reference to the
prototype of the objective standard of the bonus pater familias, the “reasonable
person”, such as this concept is established in the law of obligations of each Member
State (such as the common law concept of “the man on the Clapham omnibus” or
the French law standard of the “homme avisé”).76
In this context, for example, a reasonable and prudent person would not have
expected to access the latest Hollywood movie for free via an Internet link, and
therefore lawful use will not occur if she/he further provides the link to the public.
Similarly, the deliberate act of advertising the accessibility of copyright-protected
works that were made available on the Internet without the copyright holders’ con-
sent is an undeniable factor counteracting any argument in favour of the good faith
of the person who provides the links.77
While in such a flagrant case, it would be fairly easy to ascertain the unlawful-
ness of the use, more complex situations will certainly arise where the unlawfulness
of the source will not be clear. This is the case when, for example, a work was
placed on the Internet with the author’s consent, but with a contractual prohibition
on making it further available which is not mentioned on the relevant website from
which the end-user accessed the work, and without any technological barriers to
74
Synodinou (2017), pp. 733–736.
75
Dormont (2017), p. 17.
76
For the concept of “responsible person” in the common law of negligence, see: Blyth v
Birmingham Waterworks (1856) 11 Exch 781; Hall v Brooklands Auto-Racing Club [1933] 1 KB
205.
77
Filmspeler, par. 50.
accessing the work. Although in such a case, it would not have been possible for a
reasonable person to be aware of the contractual prohibition, the dependence of the
assessment of the user’s liability on complex legal reasoning would certainly be a
deterrent factor against use of the work. As the CJEU has not specifically defined
the prototype of the “reasonable user” as an autonomous EU copyright law concept,
this assessment will have to be made on the basis of the variant relevant national
standards.
It seems that for the CJEU, the delicate delineation between “lawful” and “unlaw-
ful” use will be decided restrictively on the grounds of the fundamental “fraus
omnia corrumpit” legal principle. A manifestly illicit act (an unlawful source, the
making available of the work without the right holder’s authorisation) is enough to
contaminate the entire chain of reproductions and communications to the public of
copyright-protected works, and even to rule out the application of copyright excep-
tions and limitations. Unless the use has been authorised, only those acting respon-
sibly, reasonably and in good faith could avoid liability and be considered as lawful
users. In this context, the good faith of the user has a prominent role generally, when
assessing the lawfulness of the users’ acts, and not only in the case of a specific
contractual agreement between the right holder and the user. As Derclaye high-
lighted in relation to the “lawful user” requirement of the Database Directive, in the
case of online databases accessible without payment or password, i.e., websites
with unrestricted access, an implied licence should be admitted, which is granted by
the database maker to use the database within the limits of the Directive. Accordingly,
for online database, the freedom of access satisfies the condition of lawfulness, and
users having lawful access to the Internet are lawful users.78 Similarly, for works
found on line without any technical restrictions, the terms of their use based on the
right holder’s implied consent should be conceived of and interpreted according to
the principle of good faith.
Furthermore, there is a significant differentiation on the burden of proof of
knowledge that the work was made available without the right holder’s consent.
That knowledge is presumed in the case of professional users (such as professional
linkers), while the right holder carries the burden of proof in the case of ordinary
end-users who use the works in the context of a non-profit activity.
This distinction clearly borrows elements of the law of extra-contractual liability,
since a higher standard of care is generally expected from professionals in a specific
field. Thus, while it is not absurd to claim that online newspapers should check
whether the content they are linking to is authorised, no one could ever think that
private users would always check and be aware of the legal status of the content they
are linking to, unless its unlawful origin is obvious.79 Nonetheless, the distinction in
practice will not always be straightforward. The GS Media decision does not define
78
Derclaye (2008), p. 125. For a contra interpretation see: Triaille et al. (2014), p. 73. Arguing that
where no contractual conditions have been imposed and a website is freely accessible, no license
is needed in the first place and lawful use, par consequent, is not based on a contract (implied
consent) of the author or other right holder.
79
Bellan (2016).
48 T.-E. Synodinou
the criteria that will be used to assess the profit-making activity (whether the link
itself should generate profit, whether the website as a whole is ‘for profit’ or whether
the fact that the person creating the link is a commercial entity is sufficient for the
‘for profit’ criterion80). Furthermore, the dichotomy between the “professional”
(profit-seeking) and “non-professional” linker is an artificial one and is a novelty in
European media law, where both profit-seekers and amateur information providers
are protected equally by freedom of expression, under Article 10 of the European
Convention on Human Rights. The process of ascertaining the profit-making nature
of the activity has to consider the particularities of the Internet. In this context,
financing by means of advertising revenues linked to the website’s traffic appears on
the face of it to come within the scope of profit-making activities.81
Another question is that of whether and to what extent the lack of knowledge or
the negligence of a user with a non-profit activity could generally be used as a deci-
sive factor for denying her/his liability. The issue at stake here is that of whether the
findings of the GS Media case on individual non-professional users could be applied
more generally in relation to the reproduction or/and communication to the public
of copyright-protected works which are accessible on the Internet with no technical
constraints. Advocate General Campos Sánchez-Bordona, in his Opinion on the so-
called “Cordoba” case,82 clearly favoured such an approach. The case concerned the
posting by a pupil, on a school’s website, of a photograph which had been published
on another website with the author’s consent and was freely accessible on the
Internet. In the Advocate General’s view, although this case has to be distinguished
from the GS Media case (which involved the question of hyperlinks to protected
works that were freely available on another website without the copyright holder’s
consent), the reasoning in the GS Media case on the subjective component of the
behaviour of persons with no profit motive could be extrapolated, mutatis mutandis,
to the Cordoba case. Indeed, it may be difficult, ‘in particular for individuals’, to
ascertain whether the copyright holders of works on the Internet have consented to
their works being posted on the site concerned. Based on the foregoing, the Advocate
General had opined that neither the pupil nor the school had communicated the
photograph to the public. On the other hand, it was suggested that there will be com-
munication to the public where the copyright holders give notice that the work to
which access is being provided has been ‘illegally placed on the Internet’ or where
access to the work is provided in such a way that users of the website on which it is
posted can ‘circumvent the restrictions taken by the site where the protected work is
posted or where the author has notified the person seeking to publish his photograph
on the Internet that he does not give his consent’.
80
Lokhorst (2017).
81
See the “Pirate bay” case: CJEU, Stichting Brein v Ziggo BV and XS4All Internet BV, Case
C-610/15, Judgment of the Court of 14 June 2017, ECLI:EU:C:2017:456.
82
Opinion of the Advocate General Campos Sánchez-Bordona delivered on 25 April 2018, Case
C-161/17, Land Nordrhein-Westfalen v Dirk Renckhoff, ECLI:EU:C:2018:279.
However, the CJEU did not follow the Advocate General’s Opinion.83 By distin-
guishing this case from GS Media, it held that the posting by the pupil of the photo-
graph required a new authorisation by the author. As the CJEU stressed: “unlike
hyperlinks which, according to the case-law of the Court, contribute in particular to
the sound operation of the internet by enabling the dissemination of information in
that network characterised by the availability of immense amounts of information,
the publication on a website without the authorisation of the copyright holder of a
work which was previously communicated on another website with the consent of
that copyright holder does not contribute, to the same extent, to that objective”.84
Furthermore, for the Court, to hold that the posting on one website of a work previ-
ously communicated on another website with the consent of the copyright holder
does not constitute making available to a new public, would amount to applying an
exhaustion rule to the right of communication. Lastly, it is irrelevant that the copy-
right holder did not limit the ways in which Internet users could use the photograph,
since the enjoyment and the exercise of the right of communication to the public
may not be subject to any formality.85 The CJEU safeguarded the preventive and
exclusive nature of copyright. It appears that the objective of establishing a high
level of protection for authors does not permit a liberal interpretation of the rights of
the author in such a way that the knowledge or the negligence of the users is consid-
ered to deny users’ liability. On the other hand, in the specific case of links, given
their significant contribution to the sound operation of the Internet by enabling the
dissemination of information, a more lenient approach is possible.
Consequently, in Renckhoff, the CJEU closed the door to a possible application
of extra-contractual liability evaluations when assessing lawfulness of use in rela-
tion to whether an act of the user comes within the scope of copyright monopoly
because it has been communicated to the public without the author’s consent.
However, the CJEU did not examine whether the GS Media line of reasoning could
find some application in relation to the assessment of lawful use based on copyright
exceptions and limitations. In this context, the Renckhoff case does not answer the
question of whether the unlawful nature of the source, or more broadly unlawful
access to a copyright-protected work, contaminates all subsequent uses, and thus
necessarily neutralises lawful use, on the grounds of copyright exceptions, too. This
is because in Renckhoff, the work was made available to the travel website without
any technical restrictions, with the author’s consent. Since the educational excep-
tion could have applied if the photo was made available with more restricted
access,86 it can be deduced that the existence of contractual restrictions, which con-
stitute in personam limitations on the use of the photograph other than on the travel
83
CJEU, Case C-161/17, Land Nordrhein-Westfalen v Dirk Renckhoff, [2018], ECLI:EU:C:2018:279.
84
Ibid, par. 40.
85
Ibid, par. 36.
86
See: ALAI Opinion on CJEU, C-161/17, Land Nordrhein-Westfalen v Dirk Renckhoff, [2018],
ECLI:EU:C:2018:634. Available via http://www.alai.org/en/assets/files/resolutions/180529-opin-
ion-land-nordrhein-westfalen-en.pdf.
50 T.-E. Synodinou
website, would not have been a sufficient legal basis for rendering uses based on
copyright exceptions unlawful.
Consequently, the question that has to be answered is whether users can invoke
copyright exceptions when they have accessed the work via an unlawful source,
such as where the photograph had been uploaded to the travel website without the
author’s consent. The unlawfulness of the source would normally render copyright
exceptions unacceptable as a basis for lawful use. Accepting the contrary would
somehow result in “laundering” the unlawfulness of the source/access via the mech-
anism of copyright exceptions. However, GS Media has also shown that there is a
difference between the level of responsibility to be expected from non-commercial
and from for-profit users. The unlawfulness of the source should not inevitably ren-
der a use that is based on copyright exceptions unlawful and, as a result, lead to the
user being held liable for copyright infringement. The fact that it may be impossi-
ble—or at least or extremely difficult—to know or to make an informed presump-
tion that the source is unlawful, especially as regards sources found on line, should
be considered as part of a holistic assessment of the user’s liability. In this context,
there should be cases of lawful non-commercial use of a copyright-protected work
accessed via an unlawful source, provided that, in line with GS Media’s underlying
principle, the user could not reasonably have been in a position to know or assume
the non-manifest unlawfulness of the source of the work. Conversely, uses taken
from a manifestly unlawful source would not qualify as lawful use, even for non-
commercial users, unless there is a specific background that renders the specific use
lawful, such as use on the grounds of the exception being absolutely necessary to
safeguard freedom of expression.87
4 T
owards a Taxonomy of “Lawful Use” in European
Copyright Law
The concept of “lawful use” takes many forms, in the sense that its substantial core
includes uses based on divergent access models (provision of goods, provision of
services) and on a variety of legal bases.
There is no “one size fits all” solution when it comes to making an assessment of
the lawfulness of the user’s acts.
Although the technicalities of the provision of an intangible asset will not nor-
mally affect the way it is regulated by law, the way the assessment of the lawfulness
of use will be made may de facto be based on divergent criteria, depending on
whether the work is embodied in a tangible data carrier or provided as part of an
online service. This inevitable variation offers proof of the non-technologically neu-
tral nature of copyright law.88
87
See: CJEU, Spiegel Online GmbH contre Volker Beck, Case C-516/17, Opinion (2019),
ECLI:EU:C:2019:16.
88
Synodinou (2012), pp. 618–627.
When a work of mind is embodied in a tangible carrier, its lawful use is based on
the lawful acquisition or possession of the tangible copy. This can be established
based on contract (such as a licence covering use, sale, resale, donation, rental, lend-
ing, etc.) or on other legal grounds, within copyright law, such as exhaustion of the
right of distribution and copyright exceptions, or outside copyright law, such as
inheritance and insolvency law.
Despite the legal dogma of the clear distinction of the intangible asset embody-
ing a “work of mind” from its physical carrier, the lawful acquisition or lawful pos-
session of a physical copy of a work could constitute a basis of lawful use. However,
the delimitation of the rights of the author or other right holder in favour of the
person who lawfully acquired the physical carrier embodying a work of mind,
should not be considered as alien to copyright law.89 Indeed, the tangible carrier
enables access to and enjoyment of the intellectual creation. Accordingly, histori-
cally, restrictions on copyright for the benefit of the lawful acquirer of the physical
carrier of a work of mind could be regarded as an embryonic form of lawful use,
justified by the need for a fair balance between the interests of both parties (author
and owner of the tangible carrier). In the case of a contract, where there are no
express contractual terms in relation to the rights of both parties, the restriction of
the author’s rights could be deduced by the duty to perform the contract in good
faith.90 Furthermore, the legal mechanism of abuse of rights has also served as a
balancing tool and enabled the courts to allow lawful enjoyment of the tangible car-
rier of the work.91
In that sense, the recognition of rights of lawful use is in a way inherent in the
inevitable antagonism between the property right over the tangible carrier of the
work and the intellectual property right over the intangible creation The legitimate
existence of a property right over the object embodying the work is inextricably
related to certain rights of lawful use, which follow the devolution of the property
right over the carrier. These “user rights” should not normally impede the exercising
of the economic rights of the author or other copyright holder, since by definition
89
In conflicts between the author and the owner of the tangible carrier of a work, the courts have
often justified the owner’s intervention to the work when this was necessary for technical or even
commercial reasons. See for example: Civ. Versailles, 23 Juin 1932, D.H., p. 487 and CA Paris, 27
Avril 1934, Gaz. Pal.. jur., p. 165 (Case Lacasse et Welcome c/ Abbé Quenard): the destruction of
the tangible carrier of a work (murals) by the lawful owner of this carrier was not found to violate
the copyright of the author, especially for works destined to private use; Bruxelles, 15 décembre
1930, Pas. 1931, II, p. 6 (Case Université de Louvain c/ Whitney Warren): the architect who cre-
ated the plans of the new library cannot impose on the owner of the library the placement of an
inscription; Case Bonnier c/ Bull. Cass., 7 Janvier 1992, RIDA 1992/2, p. 194 (modifications made
by the owner of the building for commercial/economic reasons were justified). For an analysis of
the case law in Belgium and France see: Vanbrabant (2005), pp. 492–534.
90
Case Scrive c/ Centre commercial Rennes –Alma, TGI Paris, 14 mai 1974 and CA Paris, 10 juil-
let 1975, Dalloz 1977, jur., p. 342, in: Vanbrabant (2005), p. 519.
91
Vanbrabant (2005) op. cit., p. 523.
52 T.-E. Synodinou
these are related to use of the work and not to exploitation of the work outside the
perimeter of legitimate private use.92
On the other hand, when a work is offered in terms of the provision of a service,
lawful use will depend on the existence of a contract or licence allowing lawful
access to the works. Regardless of whether access to the work is granted in return
for payment of a fee (such as in open-content contracts) and of the way in which the
contract has been concluded (such as accepting the terms of use of a website93), any
violation of the terms of use by the licensee will render their use unlawful.94
Leaving aside these variations, it is vital for a flexible interpretation of the con-
cept to be promoted, on the grounds of the central finding that use is to be either
authorised by the right holder or not restricted by law. Consequently, this definition
should mainly cover the following categories of lawful use:
(a) lawful acquisition, possession and access, based on every kind of contract
(licence, sale or resale, donation, public lending, rental, etc.). In this case, it will
not be possible to justify lawful use on the grounds of copyright exceptions if
the contract expressly overrides them, unless these exceptions are mandatory
under the national copyright law applicable. Furthermore, such use will not be
lawful if the contract is strictly stipulated as intuitu personae.
The delineation of the lawful user’s rights and duties in the contractual
agreement will certainly be a factor in legal certainty. Nonetheless, assessing
lawful use based on contract might also present uncertainties, especially in
cases where the user of the work has no direct contractual relationship with the
copyright holder. Indeed, the task of assessing whether a person is a lawful user
would be fairly straightforward in the case of a contract concluded directly
between the user and the copyright holder or any other person having the right
to conclude a contract in relation to the immaterial good. However, the situation
could be more complicated for uses made by bona fide third parties, such as in
cases involving a violation of the terms of GPL licences by an initial licensee.
As any violation of the terms of the GPL automatically and simultaneously
invalidates the licensee’s position (automatic reversal of rights), the question is
whether a third party (for example a purchaser of a modified version of a soft-
ware package marketed by an initial licensee in breach of the GPL terms) could
be considered as a lawful user, and could therefore exercise the minimum law-
ful user rights laid down in the Software Directive. In light of a rigid application
of the nemo dat rule, if a prerequisite exists requiring the licensor to grant a
licence under copyright, then the third-party purchaser of the software cannot
be considered as a lawful user, since the use is not based on an interruptible
chain of lawful uses (the specific use was made without the right holder’s
92
Synodinou (2010), pp. 819–843.
93
This has been affirmed in the Ryanair case where the CJEU acknowledged that the acceptance by
a visitor of a website of the general terms and conditions of that website by ticking a box to that
effect is valid. See: CJEU, Ryanair Ltd v PR Aviation BV, C-30/14, Judgment of 15 January 2015,
ECLI:EU:C:2015:10.
94
See Ryanair case, ibid.
c onsent). This, however, appears extremely restrictive for uses made by inno-
cent bona fide third parties who were either not aware of, or ought to have been
aware of, the breach of the GPL’s terms. In this context, the bona fide status of
the user must also be a decisive factor in evaluating the lawfulness of use and
enjoyment of the software lawful users’ minimum rights. Furthermore, as
Guido Westcamp notes, the lawful user’s minimum rights to use the software
have been granted by legislation, irrespective of the position of the vendor, and
therefore a bona fide acquirer will likewise be protected under the lawful-user
clause, which in practice limits the enforceability of the GPL.95
(b) lawful acquisition or lawful possession on the grounds of copyright law (exhaus-
tion, copyright exceptions, if the latter are mandatory or they have not been
overridden by contractual terms) and based on other legal provisions (such as
the law of inheritance or insolvency).
As previously mentioned, this has been confirmed in the UsedSoft case,
where it was held that a lawful acquirer is not only an acquirer who is autho-
rised, under a licence agreement concluded directly with the copyright holder,
to use a computer program, but also a second acquirer of the licence, as well as
any subsequent acquirers of it, who will be able to rely on exhaustion of the
distribution right, and will hence be regarded as lawful acquirers of a copy of a
computer program. This basis of lawful use relying on the exhaustion of the
right of distribution might also present some grey areas. This will be the case
when it is not clear whether the consent given by the right holder for the first
sale of the immaterial good covers all subsequent uses. This question was
addressed by the CJEU in the UsedSoft case,96 where the Court embraced a
broad approach to the concept of “lawful acquirer” established by the Software
Directive, and held that an acquirer of a software package who did not have any
contractual relationship with the copyright holder could still be characterised as
a lawful acquirer of the software, despite a licensing clause prohibiting any
resale of the licence. Indeed, the CJEU held that a lawful acquirer is not only an
acquirer who is authorised, under a licence agreement concluded directly with
the copyright holder, to use a computer program, but also a second acquirer of
the licence, as well as any subsequent acquirers of it, who will be able to rely on
exhaustion of the distribution right, and will hence be regarded as lawful acquir-
ers of a copy of a computer program. However, it is noteworthy that the lex
specialis of the UsedSoft case does not cover uses of software in the context of
a rental. Thus, in the event of a breach by the initial licensee/hirer of a licensing
clause prohibiting the further transfer of the right to use the software, any sub-
sequent use of the software by the person who has been granted the right to use
the program by the initial licensee will not be lawful. Furthermore, the use
made by the subsequent acquirer of the software will be lawful only if the spe-
cific conditions set by the CJEU are met (the right to use the software must have
Westkamp (2008), p. 55.

95
CJEU, UsedSoft GmbH v Oracle International Corp, Case C-128/11, Judgment of 3 July 2012,
96
ECLI:EU:C:2012:407.
54 T.-E. Synodinou
been granted for an unlimited period, the initial copy must be deleted or made
unusable, and there must be a sale in return for payment of a fee corresponding
to the economic value of the copy of the software). In practice, it would be dif-
ficult to trace unlawful uses that do not meet these criteria, for example inactiva-
tion or erasure of the original copy in case of a resale.
(c) uses based on the application of abstract legal principles embodying elements
of fairness and of natural justice, such as interpreting the contract in accordance
with good faith, but also assessing the users’ behaviour on the grounds of estab-
lished principles of extra-contractual liability, such as the standard of care dis-
played by the bonus pater familias (the user must have acted as a “reasonable
person”) or actual or constructive knowledge of copyright infringement or of
the unlawfulness of the source of the work. Especially on the assessment by the
user of the unlawful nature of the source of the work, it is necessary to promote
an approach that considers the reality that it may be impossible—or at least
extremely difficult—to know or presume that a source is unlawful, especially as
regards sources found on line, unless its origin is obvious. In this context, a
clause of exemption from liability (akin to a “lawful user” safe harbour) should
be admitted for non-commercial use of a copyright-protected work accessed via
an unlawful source, for users who could not reasonably be in a position to know
or presume that the source of a work that they are using is unlawful.97 This
clause would be part of a dynamic concept of lawful use which consolidates and
further advances the existing acquis on lawful use and lawful source/access.
Such a clause would provide a fair response to the significant information asym-
metry98 faced by users in relation to the lawful nature of the source of the work.
The establishment of such a clause in EU copyright law is not incompatible
with the EU and international copyright acquis, since the assessment of the
user’s state of mind is not being made in relation to the definition (or restriction)
of the scope of copyright protection (rights and exceptions), but at a subsequent
level when assessing the user’s final liability. Furthermore, instead of regulating
the information asymmetry by the mechanisms traditionally employed in this
area, such as by imposing an obligation on the right holders to disclose informa-
tion, this solution respects the fundamental copyright dogma that copyright pro-
tection is obtained without formalities.
(d) uses based on other legal grounds external to copyright law, such as the funda-
mental EU freedoms and fundamental rights.99 Indeed, it follows from the
97
See: Synodinou (2019).
98
Information asymmetry is defined as a situation in which respective parties’ own different
amounts and types of information about a project or contract. See: Akerlof (1970).
99
For a recognition of this principle, see: Recital 3 of the Directive 2001/29/EC of the European
Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright
and related rights in the information society, Official Journal L 167, 22/06/2001 P. 0010 - 0019
(“The proposed harmonisation will help to implement the four freedoms of the internal market and
relates to compliance with the fundamental principles of law and especially of property, including
intellectual property, and freedom of expression and the public interest.”) and Recital 45 of
Proposal of a Directive on copyright in the Digital Single Market, Brussels, 14.9.2016, COM(2016)
593 final (“This Directive respects the fundamental rights and observes the principles recognised
longstanding case law of the Court that restrictions on the free movement of
goods and services are only permissible if they are necessary to safeguard the
specific subject matter of the intellectual property.100 The restriction of copy-
right law based on the EU trading freedoms has been affirmed both in by the
Football Association Premier League case101 and the UsedSoft case. In the
Football Association Premier League case, it was held that the free movement
of services prohibited national legislation from making it unlawful to import
and to sell and use foreign decoding devices giving access to an encrypted satel-
lite broadcasting service from another Member State. Consequently, the tempo-
rary copy exception of Article 5 par. 1 of the Information Society Directive
could not be neutralised based on territorial restrictions that go beyond what is
necessary to ensure appropriate remuneration for the rights holders concerned.
Similarly, according to the CJEU’s underlying logic in UsedSoft, as long as
restrictions on the resale of electronic copies of computer programs downloaded
from the Internet go beyond what is necessary to safeguard the specific subject mat-
ter of copyright, national legal provisions permitting this will conflict with the fun-
damental freedom of movement of goods or services, as they undoubtedly will have
the potential to affect trade between Member States.102
However, the question of establishing lawful use based on fundamental rights,
which do not have a counterpart in specific copyright exceptions, is trickier and still
uncertain. According to the CJEU, fundamental rights can serve as an interpretative
standard for the existing exceptions and as an assessment standard for specific
enforcement measures aimed at intermediary parties.103 Furthermore, certain excep-
tions with a strong grounding in freedom of expression, and mainly that of parody,
may outweigh copyright protection even in the absence of a relevant corresponding
legislative copyright exception.104 However, in his recent Opinion in the Spiegel
Online (C-516/17) case, Advocate General Szpunar denied that lawful use could be
established directly based on the Charter of Fundamental Rights of the EU,105 when
suggesting that freedom of expression does not constitute a limitation and does not
justify an exception to or an infringement of the exclusive rights of the author
outside the limitations and exceptions provided for in Article 5 (2) and (3) of
Directive 2001/29. Nonetheless, it is noteworthy that in AG Szpunar’s view, the
in particular by the Charter of Fundamental Rights of the European Union. Accordingly, this
Directive should be interpreted and applied in accordance with those rights and principles”). For
such an approach, see: Hugenhlotz (2017), pp. 275–291.
100
Rognstad (2014) with reference to: CJEU, joined cases C-427/93, C-429/93 and C-436/93,
Bristol Myers Squibb and others v. Paranova A/S [1996] ECR I-3457 para 36.
101
CJEU, Football Association Premier League Ltd and Others v QC Leisure and Others (C-403/08)
and Karen Murphy v Media Protection Services Ltd, (Case C-429/08), Judgment of 4 October
2011.
102
Rognstad (2014), op. cit.
103
van Deursen and Snijders (2018), pp. 1080–1098.
104
See, for instance, for Belgium: Cour Cass., 5 Avril 2001, Auteurs & Media 2001/3, p. 400, in:
Voorhoof (2006), p. 5.
105
Opinion of 10th January 2019, Spiegel Online GmbH contre Volker Beck, Case C-516/17.
56 T.-E. Synodinou
courts might intervene in exceptional cases to safeguard a fundamental right (free-

dom of expression in this case) even in the absence of a specific corresponding
exception (when the “essence of a fundamental right” is at stake106).
Certainly, the introduction of the concept of the “lawful user”, combined with the
recognition of a minimum level of lawful users’ rights in European copyright legis-
lation, form the core of a subversive approach to copyright regulation. As demon-
strated, initially this evolution was strictly related to specific intangible goods with
a strong user/consumer-oriented dimension. In this context, it has been seen only as
part of a peculiar lex specialis within copyright law and not as a horizontal principle
within the EU copyright system. Indeed, the ius cogens in favour of lawful users can
be applied only as part of the special EU regime governing computer programs and
databases, and not when a software package or a database is protected by other
means, such as by contract. This has been affirmed in the Ryanair case,107 where the
CJEU was called on to decide whether the restrictive contractual clauses imposed
by Ryanair (use of the information held on the Ryanair website for private and non-
commercial purposes only, and prohibition of screen scraping) constituted a viola-
tion of Article 15 of the Database Directive. Consequently, the maker of a database
that is not protected by the Database Directive is not obliged to safeguard a mini-
mum level of free use of database contents for lawful users, such as the right for a
lawful user to extract and reuse an insubstantial part of the database’s contents for
any reason. This paradox has also been pinpointed in the study in support of the
evaluation of Directive 96/9/EC on the legal protection of databases, where the
introduction of a rule reversing the CJEU Ryanair ruling is proposed, so that excep-
tions can apply to lawful users whatever contracts may say, and they include a user
right for databases that do not fall within the definition of a database.108
In the meantime, since the analogous concepts of “lawful use” and of “legal/law-
ful access” have appeared and been used inconsistently in subsequent EU copyright
legislation, it is vital that the concept of “lawful use” is given a uniform and hori-
zontal meaning in all European copyright law instruments. The horizontal applica-
tion of the concept of “lawfulness” presupposes a dynamic and flexible interpretation
of “lawfulness”, which inherently encompasses elements of fairness and natural
justice. The expansion of the concept of “lawful use” to encompass the entire copy-
right legal ecosystem inserts a new, better-adjusted dimension into the relationship
between authors, right holders and users.
106
See on this point: Geiger and Izyumenko (2019).
107
Supra n. 93.
108
European Commission (2018), p. 141.
5 Conclusion
The concept of “lawful use” first made its appearance in sectoral EU copyright leg-
islation in relation to information goods. It also appeared sporadically in various EU
copyright provisions in the field of copyright exceptions. Although the concept is
marginal in EU copyright legislation, the CJEU has implicitly consolidated the con-
cept of “lawful use” and expanded its application in relation to the main economic
rights granted by copyright law for all categories of works.
Lawful use could be seen as an oxymoron in EU copyright law. On the one hand,
it is perceived as a means for restricting the use of copyright-protected works in the
sense that there is a trend towards only lawful users being able to avoid liability for
copyright infringement when accessing or using works. On the other hand, the
effective enjoyment of copyright exceptions both in the Software and the Database
Directive has been safeguarded for lawful users only, as lawful users are the only
ones who enjoy exceptions in terms of user rights, which cannot be overridden by
contract.
The two facets of the concept of “lawful use” are organically interlinked. Indeed,
the concept of “lawful use” makes sense if, in addition to being subject to obliga-
tions, the lawful user also possesses certain enforceable rights, whose violation
could be the basis of a legal claim and not only vaguely a privilege or “freedom”. A
first step in this direction is for all EU copyright exceptions to become jus cogens.
After all, if copyright exceptions can be overridden by contracts and technological
protection measures, the concept of a “lawful use” becomes an empty shell.
Accordingly, the effective safeguarding of copyright exceptions presupposes a
redefinition of the legal relationship between the author/right holder through the
prism of Hochfeld’s jural correlative pairing of “right-duty109”. Restructuring copy-
right exceptions as rights, which are distinguishable from permissions, privileges or
freedoms, presupposes the recognition of a corresponding correlative duty on the
part of the author or right holder not to violate the users’ rights. This change must
be accompanied by the introduction of procedural mechanisms, such as the estab-
lishment of autonomous locus standi of lawful users to bring a claim before a court
for the protection of their rights, such as against the neutralisation or restriction of
copyright exceptions.
It is vital to favour a taxonomy of “lawful use” in European copyright legislation.
The concept must be clarified and given a coherent meaning to cover both uses that
are authorised by the right holders and uses that are not restricted by law, by consid-
ering the legal ideals of fairness (which is mainly expressed by the notion of good
faith) and objective reasonableness. These conceptual pillars of lawfulness should
not be seen as mutually antagonistic, but as its necessary and complementary com-
ponents. In the author’s view, the dual function of the concept, which acts both as an
enabling and as a restrictive clause, will provide an enhanced calibration of the
interests of both copyright holders and users.
109
Hohfeld (1913).
58 T.-E. Synodinou
References
Akerlof G (1970) The market for lemons: quality uncertainty and the market mechanism. Q J Econ
84(3):488–500
ALAI Opinion on CJEU, C-161/17, Land Nordrhein-Westfalen v Dirk Renckhoff, [2018],
ECLI:EU:C:2018:634. Available via http://www.alai.org/en/assets/files/resolutions/180529-
opinion-land-nordrhein-westfalen-en.pdf
Arden M (2013) Coming to terms with good faith. JCL 30:199
Beatson J, Friedman D (eds) (2002) Good faith and fault in contract law. Clarendon Press, Oxford
Bellan A (2016) Compared to Svensson, GS Media is not that bad after all. Available via http://
ipkitten.blogspot.com/2016/10/compared-to-svensson-gs-media-is-not.html
Blocher W, Walter M (2010) Computer Program Directive, Article 5. In: Walter M, von Lewinski
S (eds) European copyright law, a commentary. OUP, Oxford
Breedveld-de Voogd CG, Castermans AG, Knigge MW, van der Linden T, ten Oever TA (eds)
(2016) Core concepts in the Dutch Civil Code, continuously in motion. Wolters Kluwer,
Deventer, p 49
Buydens M (1997) Le projet de loi transposant en droit Belge la directive européenne des bases de
données. Auteurs & Media 4:335, 342
Caron C (2006) Droit d’auteur et droits voisins. Lexis Nexis Litec, Paris, p 273
Cohen J (2005) The place of the user in copyright law. Fordham Law Rev 74:347–374
Collins H (1994) Good faith in European contract law. Oxford J Leg Stud 14(2):229–254
Derclaye E (2008) The legal protection of databases: a comparative analysis. Edward Elgar
Derclaye E (2014) The Database Directive. In: Stamatoudi I, Torremans P (eds) European copy-
right law, a commentary. Edward Elgar, Cheltenham
Dormont S (2017) L’arrêt GS Media de la Cour de Justice de l’Union européenne : de précisions en
distinctions, l’hyperlien lui fait perdre son latin. Communication Commerce Electronique (2)
Dusollier S (2000) Incidences et réalités d’un droit de contrôler l’accès en droit européen in Le
Droit d’auteur : un contrôle de l’accès aux œuvres ? Cahiers du CRID n° 18, pp 25–52
Dusollier S (2005) L’utilisation légitime de l’œuvre: un nouveau sésame pour le bénéfice des
exceptions en droit d’auteur ? Communication-Commerce Electronique (11):17–20
Dusollier S, Pouillet Y, Buydens M (2000) Copyright and access to information in the digital envi-
ronment. A study prepared for the Third UNESCO Congress on Ethical, Legal and Societal
Challenges of Cyberspace, Infoethics, Paris
Dussolier S (2005) Droit d’auteur et protection des œuvres dans l’univers numérique, Droits et
exceptions à la lumière des dispositifs de verrouillage des œuvres. Larcier, Bruxelles, p 449
European Commission (2018) Directorate-General for Communications Networks, Content and
Technology, Study in Support of the Evaluation of the Database Directive. Publications Office
of the European Union, Luxembourg
European Copyright Society (2017) General Opinion on the EU Copyright Reform Package, 24
January 2017
Forte ADM (ed) (1999) Good faith in contract and property law. Hart Publishing
Gaster JL (1996) La protection juridique des bases de données à la lumière de la discussion.
In: Doutrelepont, Van Binst, Wilkin (eds) Libertés, Droits Et Résaux Dans La Société De
L’information, pp 38–39
Geiger C (2004) Droit d’auteur et droit du public à l’information, Approche de droit compare.
Litec, Paris
Geiger C, Izyumenko E (2019) Freedom of expression as an external limitation to copyright law
in the EU: The Advocate General of the CJEU shows the way, European Intellectual Property
Review; Centre for International Intellectual Property Studies (CEIPI) Research Paper
N°2018-12. Available at SSRN: https://ssrn.com/abstract=3293735 or https://doi.org/10.2139/
ssrn.3293735
Geiger C, Frosio G, Bulayenko O (2018) The Exception for Text and Data Mining (TDM) in the
Proposed Directive on Copyright in the Digital Single Market-Legal Aspects, In depth Analysis
for the JURI Committee, European Parliament, E 604.941
Ghestin J (1982) L’utile et le juste dans les contrats. Dalloz, chr. 1
Ginsburg J (2000) From having copies to experiencing works: the development of an access right
in U.S. copyright law. Available via http://papers.ssrn.com/paper.taf?ABSTRACT_ID=222493
Grosheide (2002) Database protection—the European way. Wash Univ J Law Policy 8:39.
Available via http://openscholarship.wustl.edu/law_journal_law_policy/vol8/iss1/4
Headdon T (2011) Ghosts in the machine: copyright and temporary copies. Comput Law
22(4):15–18. Available via https://www.blplaw.com/media/pdfs/News%20and%20Views/
SCL_-_November_-_THEA_article.pdf
Hohfeld NW (1913) Some fundamental legal conceptions as applied in judicial reasoning. Yale
Law J 23. Available via http://digitalcommons.law.yale.edu/ylj/vol23/iss1/4
Hoskins (2014) Contractual obligations to negotiate in good faith: faithfulness to the agreed com-
mon purpose. LQR 130:131
Hugenhlotz PB (2017) Flexible copyright, can the author’s rights accommodate fair use? In:
Okediji R (ed) Copyright law in an age of limitations and exceptions. Cambridge University
Press, pp 275–291
Hugenholtz PB, Senftleben M (2011) Fair use in Europe, in search of flexibilities. Available via:
https://www.ie-forum.nl/backoffice/uploads/file/IE-Forum%20P_B_%20Hugenholtz%20
en%20M_R_F_%20Senftleben,%20Fair%20use%20in%20Europe_%20In%20search%20
of%20flexibilities,%20IEF%2010485,%20IViR%2014%20november%202011_.pdf
Koumantos G (1997) Les bases de données dans la directive communautaire. RIDA, n°171,
pp 78–137
Lokhorst G (2017) GS Media in the National Courts: fresh issues on the mean-
ing of ‘for profit’. Available via http://copyrightblog.kluweriplaw.com/2017/01/17/
gs-media-national-courts-fresh-issues-meaning-profit/
Lucas A, Lucas Schloetter A, Bernault C (2017) Traité de la propriété littéraire et artistique.
LexisNexis, Paris
Mackaay E (2012) Good faith in civil law systems. A legal-economic analysis. Revista Chilena de
Derecho Privado, N° 18, pp 149–177
Masse C (1994) Rapport general. In: Travaux de l’Association Henri Capitant, La bonne foi. Litec,
Paris, pp 224–227
Munukka J (2005) Harmonisation of contract law: in search of a solution to the good faith prob-
lem. In: Perspectives on jurisprudence: essays in Honor of Jes Bjarup, pp 229–250. Stockholm
Institute for Scandinavian Law; ISBN: 91-85142-62-X. Available at SSRN: https://ssrn.com/
abstract=3063258X
Peden E (2002) The meaning of contractual good faith. Aust Bar Rev 22, Queensland
Peden E (2009) Implicit good faith - or do we still need an implied term of good faith? J Contract
Law 25, Sydney
Quintais JP, de Leeuw A (2014) No more downloading from unlawful sources?. Kluwer
Copyright Blog. Available via http://copyrightblog.kluweriplaw.com/2014/05/12/
no-more-downloading-from-unlawful-sources/
Rognstad OA (2014) Legally flawed but politically sound? Digital exhaustion of copyright in
Europe after UsedSoft. Oslo Law Review 01, vol 1. Available via https://www.idunn.no/
oslo_law_review/2014/01/legally_flawed_but_politically_sound_digital_exhaustion_
Rolland L (1996) La bonne foi dans le Code civil du Québec: Du général au particulier. Revue de
droit de l’Université de Sherbrooke, vol 26, Sherbrooke
Seville C (2016) EU intellectual property law and policy. Edward Elgar, Cheltenham
Storme M (2003) Good faith and the contents of contracts in European contract law. Electron J
Comp Law 7.1. Available via http://www.ejcl.org/71/art71-1.html
Synodinou T (2010) The lawful user and a balancing of interests in European copyright law.
IIC:819–843
60 T.-E. Synodinou
Synodinou T (2012) The principle of technological neutrality in European copyright law: myth of
reality? EIPR (9):618–627
Synodinou T (2016) EU portability regulation: in-depth analysis of the proposal for the Juri
Committee. European Parliament. Available via http://www.europarl.europa.eu/RegData/
etudes/IDAN/2016/571369/IPOL_IDA(2016)571369_EN.pdf
Synodinou T (2017) Opinion, decoding the Kodi Box: to link or not to link? EIPR (12):733–736
Synodinou T (2019) Lawfulness for users in European copyright law: acquis and perspectives.
JIPITEC 10(1)
Tan ZX (2016) Keeping faith with good faith? The evolving trajectory post-Yam Seng and Bhasin.
J Bus Law 5:420–446
Trakman LE, Sharma K (2014) The binding force of agreements to negotiate in good faith. Camb
Law J 73:598
Triaille J (de Woolf partner), de Meeus d’Argenteuil J and with the collaboration of de Francquen
A (2014) Study on the legal framework of text and data mining (TDM) for the Directorate-
General for the Internal Market and Services, p 110. Available via https://publications.europa.
eu/en/publication-detail/-/publication/074ddf78-01e9-4a1d-9895-65290705e2a5/language-en
van Deursen S, Snijders T (2018) The Court of Justice at the crossroads: clarifying the role for
fundamental rights in the EU copyright framework. IIC 49(9):1080–1098
Van Eechoud M, Hugenholtz PB, van Gompel S, Guibault L, Helberger N (2009) Harmonizing
European copyright law. Wolters Kluwer, Kluwer Law International
Vanbrabant B (2005) Corpus mechanicum v corpus mysticum : des conflits entre l’auteur d’une
oeuvre et le propriétaire du support. Revue de la Faculté de droit de Liège 4:492–534
Vanovermeire V (2000) The concept of the lawful user in the database directive. IIC (1):63–81
Von Lewinski S (2010) Database Directive, Article 6. In: Walter M, von Lewinski S (eds) European
copyright law, a commentary. OUP, Oxford
Voorhoof D (2006) La liberté d’expression est-elle un argument légitime en faveur du non-respect
du droit d’auteur? La parodie en tant que métaphore. In: Strowel A, Tulkens F (eds) Droit
d’auteur et liberté d’expression, Regards francophones, d’Europe et d’ailleurs. Larcier, p 5
Westkamp G (2004) Temporary copying and private communications-the creeping evolution of
use and access rights in European copyright law. George Wash Int Law Rev:1057
Westkamp G (2008) The limits of open source: lawful user rights, exhaustion and co-existence
with copyright law. Intellect Prop Q (14):14–57
Zimmermann R (2001) Roman law, contemporary law, European law-the civilian tradition today.
Oxford University Press, Oxford
Zimmermann R, Whittaker S (eds) (2000) Good faith in European contract law. Cambridge
University Press, Cambridge
Chapter 3
Linking and Copyright: Easier at Last?
First National Applications of the CJEU
GS Media Judgment
Eleonora Rosati
Abstract The Court of Justice of the European Union (CJEU) has been asked to
clarify the appropriate construction of the right of communication to the public
under Article 3(1) of Directive 2001/29 (InfoSoc Directive) in multiple occasions.
When the opportunity first arose—in Svensson and Others, C-466/12—to tackle the
relationship between linking to protected content and Article 3(1) of the InfoSoc
Directive, the resulting judgment proved unsatisfactory. In particular, what remained
uncertain was the treatment of linking to unlicenced content. In GS Media, C-160/15,
the Court finally addressed this scenario. Although this judgment was arguably
more articulated than the one in Svensson and Others, C-566/12, it was not less
ambiguous. The first national decisions issued in the aftermath of the ruling in GS
Media, C-160/15, are a demonstration of all this: national applications show diverg-
ing approaches to the interpretation of relevant CJEU case law or resistance tout
court.
1 The Right of Communication to the Public
The right of communication to the public under Art. 3.1 of the InfoSoc Directive1
has been subject to a significant number of referrals since the first ruling in 2006 in
SGAE, C 306/05.2 By relying on international sources and a purpose-driven
1
harmonisation of certain aspects of copyright and related rights in the information society, OJ L
167 (InfoSoc Directive).
2
They are (in chronological order, as of August 2018): CJEU, SGAE v Rafael Hoteles SA, Case C
306/05, Judgment of 7 December 2006; CJEU, Organismos Sillogikis Diacheirisis Dimiourgon
Theatrikon kai Optikoakoustikon Ergon v Divani Anonimi Xenodocheiaki kai Touristiki Etaireia,
Case C 136/09, Judgment of 18 March 2010; CJEU, Circul Globus Bucureşti v Uniunea
Compozitorilor şi Muzicologilor din România—Asociaţia pentru Drepturi de Autor (UCMR—
E. Rosati (*)
Law Department, Stockholm University, Stockholm, Sweden
e-mail: eleonora@e-lawnora.com

https://doi.org/10.1007/978-3-030-25579-4_3
62 E. Rosati
interpretation of the InfoSoc Directive, the CJEU has construed this exclusive right
broadly and in such a way as to encompass, subject to a number of conditions, dif-
ferent types of acts, including the making available of TV sets in certain contexts,
linking to protected content, the provision of certain types of set-up boxes, indexing
activities by a platform, and cloud-based recording services.3
At the international level, the right of communication to the public received its
first formulation in Article 11bis of the Berne Convention, as adopted in 1928 and
later revised by the Brussels Act 1948.4 The WIPO Copyright Treaty supplemented
the Berne Convention,5 and introduced the concept of ‘making available to the
public’.6
The wording of Art. 3.1 of the InfoSoc Directive is derived from Art. 8 of the
WIPO Copyright Treaty. However, Art. 3.1 of the InfoSoc Directive does not define
the concept of ‘communication to the public’. This provision, in fact, only states
that:
ADA), Case C 283/10, Judgment of 24 November 2011; CJEU, Football Association Premier
League Ltd and Others v QC Leisure and Others (C 403/08) and Karen Murphy v Media Protection
Services Ltd (C 429/08), Joined cases C 403/08 and C 429/08, Judgment of 4 October 2011; CJEU,
Airfield NV, Canal Digitaal BV v Belgische Vereniging van Auteurs, Componisten en Uitgevers
CVBA (Sabam) (C-431/09) and Airfield NV v Agicoa Belgium BVBA (C-432/09),, Case C 431/09
and C 432/09, Judgment of 13 October 2011; CJEU, SCF v Marco Del Corso, Case C 135/10,
Judgment of 15 March 2012; CJEU, Phonographic Performance v Ireland, Attorney General, Case
C 162/10, Judgment of 15 March 2012; CJEU, ITV Broadcasting v TV Catchup Ltd, Case C
607/11, Judgment of 7 March 2013; CJEU, Svensson and Others v Retriever Sverige AB, Case C
466/12, Judgment of 13 February 2014; CJEU, OSA v Léčebné lázně Mariánské Lázně a.s., Case
C 351/12, Judgment of 27 February 2014; CJEU, BestWater v Michael Mebes and Stefan Potsch,
C 348/13, Judgment of 21 October 2014; CJEU, C More Entertainment AB v Linus Sandberg, Case
C 279/13, Judgment of 26 March 2015; CJEU, Sociedade Portuguesa de Autores CRL v Ministério
Público and Others, Case C 151/15, Judgment of 14 July 2015; CJEU, SBS Belgium v Belgische
Vereniging van Auteurs, Componisten en Uitgevers (SABAM), Case C 325/14, Judgment of 19
November 2015; CJEU, Reha Training Gesellschaft für Sport- und Unfallrehabilitation mbH v
Gesellschaft für musikalische Aufführungs- und mechanische Vervielfältigungsrechte eV (GEMA),
Case C 117/15, Judgment of 31 May 2016; CJEU, GS Media v Sanoma Media Netherlands BV and
Others, Case C 160/15, Judgment of 8 September 2016; CJEU, AKM v Zürs.net Betriebs GmbH,
Case C 138/16, Judgment of 16 March 2017; CJEU, Stichting Brein v Jack Frederik Wullems, Case
C 527/15, Judgment of 26 April 2017; CJEU, Stichting Brein v Ziggo BV and XS4All Internet BV,
Case C 610/15, Judgment of 14 June 2017; CJEU, VCAST Limited v RTI SpA, Case C 265/16,
Judgment of 29 November 2017; and CJEU, Land Nordrhein-Westfalen v Dirk Renckhoff, Case C
161/17, Judgment of 7 August 2018.
3
According to some commentators, rather than a unified concept of communication to the public,
in its case law the CJEU has created specific sui generis groups of communication to the public
cases: see Clark and Tozzi (2016), p. 717.
4
World Intellectual Property Organization (2003); Berne Convention for the Protection of Literary
and Artistic Works (Paris Act of 24 July 1971 as amended on 28 September 1979) (Bern
Convention) 11bis.
5
Article 1.4 of the WIPO Copyright Treaty mandates compliance with Articles 1 to 21 of and the
Appendix to the Berne Convention.
6
On the concept of making available within Article 8 of the WIPO Copyright Treaty, see Walter
and von Lewinski (2010), pp. 975–980.
3 Linking and Copyright: Easier at Last? First National Applications of the CJEU GS… 63
[EU] Member States shall provide authors with the exclusive right to authorise
or prohibit any communication to the public of their works, by wire or wireless
means, including the making available to the public of their works in such a way
that members of the public may access them from a place and at a time individually
chosen by them.
Lacking a definition of the notion of ‘communication to the public’, the CJEU
has sought to determine the meaning and scope of this concept in light of the objec-
tives pursued by the InfoSoc Directive, notably ensuring a high level of protection
of intellectual property (Recital 24) and for authors. In its rich body of case law on
Art. 3.1, the Court has consistently stated that the essential requirements of Art. 3.1
are an ‘act of communication’ directed to the ‘public’. In addition, the CJEU also
highlighted the importance of considering additional criteria, which are not autono-
mous and are interdependent, and may—in different situations—be present to
widely varying degrees. Such criteria must be applied both individually and in their
interaction with one another.7
1.1 R
equirements and Criteria Under Art. 3.1
of the InfoSoc Directive8
Starting from ‘public’, this is a concept that has not been straightforward to compre-
hend because the relevant understanding may change depending on the context.9 In
general terms, the notion of ‘public’ is that of an indeterminate and fairly large
(above de minimis) number of people.10 In the case of a communication concerning
the same works as those covered by the initial communication and made by the
same technical means (e.g., internet), the communication must be directed to a
‘new’ public. Derived from the interpretation given by the 1978 WIPO Guide to the
Berne Convention of Article 11bis(1)(iii) of the Berne Convention as first employed
by Advocate General (AG) La Pergola in his Opinion in EGEDA, C 293/98,11 the
‘new public’ that is relevant to the establishment of Art. 3.1 applicability is the pub-
lic that was not considered by the relevant rightholder when they authorised the
initial communication to the public.12
7
SCF, par. 79; Phonographic Performance (Ireland), par. 30; Reha Training, par. 35; GS Media,
par. 34; Stichting Brein, C-527/15, par. 30; Stichting Brein, C-610/15, par. 25.
8
This part builds upon Rosati (2017a), pp. 1233–1238 and Rosati (2017b), p. 737 ff.
9
Karapapa (2017), p. 66.
10
SGAE, par. 38; SCF, par. 84; Phonographic Performance (Ireland), par. 33; ITV Broadcasting,
par. 32; Svensson and Others, par. 21; OSA, par. 27; Sociedade Portuguesa de Autores CRL, par.
19; SBS Belgium, par. 21; GS Media, par. 36; Stichting Brein, C-527/15, par. 45; AKM, par. 24;
Stichting Brein, C-610/15, par. 27 and 42.
11
Opinion of Advocate General Antonio Mario La Pergola in EGEDA, C-293/98, EU:C:1999:403,
par. 20. See further Hugenholtz and Van Velze (2016), pp. 802–803.
12
SGAE, par. 40, 42; Organismos Sillogikis Diacheirisis Dimiourgon Theatrikon kai
Optikoakoustikon Ergon, par. 39; Football Association Premier League and Others, par. 197,
64 E. Rosati
On the notion of ‘act of communication’, case law appears now solidly oriented
in the sense of requiring the mere making available of a copyright work—not its
actual transmission13—in such a way that the persons forming the public may access
it, irrespective of whether they avail themselves of such opportunity.14 In cases
where the CJEU has held the making available of a work sufficient, the Court has
however indicated the need to consider whether there is a necessary and deliberate
intervention on the side of the user/defendant, without which third parties could not
access the work at issue. More specifically, the user makes an act of communication
when it intervenes—in full knowledge of the consequences of its action—to give
access to a protected work to its customers, and does so, in particular, where, in the
absence of that intervention, their customers would not, in principle, be able to
enjoy the work.15 With particular regard to the notion of indispensability of one’s
own intervention, the Court has recently clarified that an intervention which facili-
tates access to unlicensed content that would be otherwise more difficult to locate
qualifies as an ‘indispensable intervention’.16 Over time, the CJEU has indeed dis-
missed attempts to interpret this criterion narrowly. A clear example is GS Media, C
160/15. In his relevant Opinion, AG Wathelet had excluded tout court that the unau-
thorised provision of a link to a copyright work—whether published with the con-
sent of the rightholder or not—could be classified as an act of communication to the
public. This would be so, considering that to establish an act of communication, the
intervention of the ‘hyperlinker’ must be vital or indispensable to benefit from or
enjoy the relevant copyright work. Hyperlinks posted on a website that direct to
copyright works freely accessible on another website cannot be classified as an ‘act
of communication’: the intervention of the operator of the website that posts the
hyperlinks is not indispensable to the making available of the works in question to
users.17
Airfield and Canal Digitaal, par. 72; Svensson and Others, par. 24; OSA, par. 31; Reha Training,
par. 45; GS Media, par. 37; Stichting Brein, C 527/15, par. 47; Stichting Brein, C 610/15, par. 28;
Renckhoff, par. 24. But cf AKM, par. 26-27, suggesting that consideration of whether the com-
munication at hand is addressed to a ‘new public’ is required also when the specific technical
means used is different. On whether terms and conditions of use of a certain website might be
relevant to determine whether the public targeted by the defendant’s link is ‘new’, see (arguing in
the negative) McBride (2017), pp. 275–277.
13
This appeared to be the case in: Circul Globus Bucureşti, par. 40; Football Association Premier
League and Others, par. 190, 193, and 207; OSA, par. 25; SBS Belgium, par. 16; and Reha Training,
par. 38.
14
SGAE, par. 43; Svensson and Others, par. 19; GS Media, par. 27; Stichting Brein, C 527/15, par.
36, AKM, par. 20; Stichting Brein, C 610/15, par. 19; Renckhoff, par. 20. On the accessibility crite-
rion, see (critically) Koo (2018), pp. 545–546.
15
SGAE, par. 42; Football Association Premier League and Others, par. 194, 195; Airfield and
Canal Digitaal, par. 79; SCF, par. 82; Phonographic Performance (Ireland), par. 31; Reha
Training, par. 46; GS Media, par. 35; Stichting Brein, C 527/15, par. 31; Stichting Brein, C 610/15,
par. 26.
16
Stichting Brein, C 527/15, par. 41; Stichting Brein, C 610/15, par. 26.
17
Opinion of Advocate General Melchior Wathelet in GS Media, C 160/15, Opinion of 7 April
2016, par. 57–60.
Another criterion considered by the CJEU is whether the user/defendant merely

provides physical facilities or not. While the mere provision of physical facilities
does not amount to an act of communication to the public (Recital 27), the installa-
tion of such facilities may make the public access to copyright works technically
possible, and thus fall within the scope of Art. 3.1 of the InfoSoc Directive.18
In addition to the requirements of an act of communication directed to the public,
the Court also considered—from time to time—other non-autonomous and interde-
pendent criteria (having no clear textual basis). Such criteria may, in different situ-
ations, be present to widely varying degrees. They must be applied both independently
and in their interaction with one another.19 In GS Media, C 160/15, the Court, among
other things, relied in particular on the ‘profit-making’ character of the communica-
tion at issue to determine potential liability of the ‘hyperlinker’ for the posting of
links to unlicenced content. Before GS Media, C 160/15, the profit-making charac-
ter of the communication at issue had not been given the centrality that the Court did
instead acquire in that case: in Reha Training, C 117/15, for instance, the Grand
Chamber of the CJEU considered that this criterion, while not irrelevant, would not
however be decisive.20 In GS Media, C 160/15, instead, the Court adopted a rebut-
table presumption that ‘when the posting of hyperlinks is carried out for profit, it
can be expected that the person who posted such a link carries out the necessary
checks to ensure that the work concerned is not illegally published on the website to
which those hyperlinks lead, so that it must be presumed that that posting has
occurred with the full knowledge of the protected nature of that work and the pos-
sible lack of consent to publication on the internet by the copyright holder.’21
Overall, in the context of communication to the public by linking, the Court deemed
it necessary to move towards an assessment in which the subjective element is deci-
sive for determining prima facie liability.22
The operation of this presumption was confirmed in the subsequent ruling in
Stichting Brein, C 527/15.23 As discussed more at length elsewhere, it might not be
self-evident whether the presence of a profit-making intention should be assessed in
relation to the specific act of communication at hand, or the broader context in
which such act is performed (see also below Sect. 2.3). Although both alternatives
may be plausible, consideration of the context in which the relevant link is provided
is more in line with existing CJEU case law, both preceding and following GS
18
SGAE, par. 45–47.
19
GS Media, par. 34, referring to: SCF, par. 79; Phonographic Performance (Ireland), par. 30; and
Reha Training, par. 35.
20
Reha Training, par. 49, referring to: ITV Broadcasting and Others, par. 43; and Football
Association Premier League and Others, par. 204. Commenting favourably on the consideration of
the profit-making character of the communication at issue, see Mysoor (2013), p. 182.
21
GS Media, par. 51.
22
On this, see (critically) Synodinou (2017), p. 735.
23
Stichting Brein, C 527/15, par. 49, 51.
66 E. Rosati
Media, C 160/15.24 In SGAE, C 306/05, Football Association Premier League and

Others, C 403/08 and C 429/08, and Reha Training, C 117/15, in fact, the Court
considered that the profit-making nature of the communication would be apparent
from the fact that the defendants transmitted the relevant works in their own estab-
lishment (hotels, a public house and a rehabilitation centre, respectively) to benefit
therefrom and attract customers to whom the works transmitted are of interest.25 In
Stichiting Brein, C 527/15, the CJEU identified the profit-making intention of the
defendant in the circumstance that the relevant multimedia player ‘is supplied with
a view to making a profit, the price for the multimedia player being paid in particu-
lar to obtain direct access to protected works available on streaming websites with-
out the consent of the copyright holders.’26
2 Communication to the Public and Linking
2.1 Svensson and Others, C 466/12
In its 2014 decision in Svensson and Others, C 466/12, the CJEU ruled that, at cer-
tain conditions, the provision of a hyperlink to a work hosted on a third-party web-
site falls within the scope of copyright protection. More specifically, linking to
protected content may be regarded as an act of communication to the public within
Art. 3.1 of the InfoSoc Directive. Qualification of linking as an act of communica-
tion to the public means that, when the link in question is provided without permis-
sion from the relevant rightholder, this activity could amount, prima facie, to
copyright infringement. Whether the act in question is an actual infringement
depends on additional considerations, including whether the work at hand is pro-
tected by copyright in the first place, and whether the defendant may successfully
invoke one or more copyright defences available under the applicable national
copyright regime.
The main question of the referring court, the Svea Court of Appeal (Sweden),
was whether the provision of a hyperlink to a work lawfully made available on a
certain website where it is freely accessible is to be regarded as an act of communi-
cation to the public within Art. 3.1 of the InfoSoc Directive. This reference for a
preliminary ruling had been made in the context of proceedings between a number
of journalists and media monitoring provider Retriever, and concerned their request
for compensation for the harm suffered as a result of the inclusion, on the latter’s
24
Rosati (2017a), pp. 1237–1238. In a similar sense, see also Clark and Dickinson (2017), pp. 269–
270. Submitting instead that the profit-making intention of the ‘hyperlinker’ is to be appreciated
with regard to the particular act of hyperlinking, see Rendas (2017), pp. 14.
25
SGAE, par. 44; Football Association Premier League and Others, par. 205–206; Reha Training,
par. 63–64.
26
Stichting Brein, C 527/15, par. 51.
website, of hyperlinks redirecting users to press articles (in which the applicants
held the copyright) freely accessible on the Göteborgs-Posten website.
In its decision, the CJEU noted that the concept of communication to the public
within Art. 3.1 of the InfoSoc Directive includes two cumulative criteria: an ‘act of
communication’ of a work, directed to the ‘public’.27 On the first condition, the
Court arguably paid lip-service to the requirement that the concept of ‘communica-
tion to the public’ be construed broadly to ensure, in accordance with, inter alia,
Recitals 4, 9 and 23 in the preamble of the InfoSoc Directive, a high level of protec-
tion for rightholders. The provision of hyperlinks on a website to protected works
published without any access restrictions on another site offers to the users of the
first site direct access to those works, and therefore amounts to an ‘act of
communication’.28
Turning to the second condition, i.e., that the communication is directed to the
‘public’, the CJEU recalled that the term ‘public’ refers to an indeterminate number
of potential recipients and implies a fairly large number of persons.29 However, an
act of communication within Article 3.1 of the InfoSoc Directive requires that a
communication concerning the same works as those covered by the initial commu-
nication and made by the same technical means (i.e., internet), must also be directed
to a ‘new’ public. This is the public that was not considered by the relevant right-
holder when they authorised the initial communication to the public.30
The CJEU concluded that the provision of a hyperlink to a work lawfully and
freely accessible on a third-party website does not fall within the scope of Art. 3.1.
of the InfoSoc Directive. This is because the public targeted by the initial commu-
nication consists of all potential visitors to the site concerned. As such, the hyper-
link would not communicate the work to the public not considered by the relevant
rightholder at the time of authorising the initial communication.31 If there is no
‘new’ public, then there is no infringing act. In this sense, the requirement that the
public targeted by the act of linking be new means overcoming something that, on
the side of the relevant rightholder, may be regarded as an implied licence. Indeed,
this argument holds true if the content made available online and linked to have
been published with the consent of the relevant rightholder.32 The CJEU itself
framed the ‘new public’ requirement within a licencing perspective. In Soulier and
27
Svensson and Others, par. 16, referring to ITV Broadcasting, par. 21, 31.
28
In its opinion before the CJEU judgment, the European Copyright Society held the view that
linking could not qualify as an act of communication to the public, also on consideration that a
transmission of a work—as opposed to its mere accessibility—would be required under Article
3(1) of the InfoSoc Directive: see European Copyright Society (2013). See, contra, Association
Littéraire et Artistique Internationale (2013).
29
Svensson and Others, par. 21, referring to SGAE, par. 37-38, and ITV Broadcasting, -607/11,
par. 32.
30
Svensson and Others, par. 24, recalling (by analogy): SGAE, par. 40, 42; Organismos Sillogikis
Diacheirisis Dimiourgon Theatrikon kai Optikoakoustikon Ergon, par. 38; and ITV Broadcasting,
par. 39.
31
Svensson and Others, par. 25–28.
32
See Arezzo (2014), p. 543, and Ginsburg (2014).
68 E. Rosati
Doke, C 301/15, referring to its earlier decision in Svensson and Others, C 466/12,
it held in fact that in a situation in which an author had given prior, explicit and
unreserved authorisation to the publication of his articles on the website of a news-
paper publisher, without making use of technological measures restricting access to
those works from other websites, that author could be regarded, in essence, as hav-
ing authorised the communication of those works to the general internet public.33
According to some commentators, consideration of the ‘new public’ requirement
would be based on an incorrect interpretation of international law, and would result
in an undue (cf Art. 3.3 of the InfoSoc Directive) exhaustion of the right of com-
munication to the public.34
2.2 BestWater, C 348/13
The Court confirmed the approach taken in Svensson and Others, C 466/12, in the
subsequent 2014 order in BestWater, C 348/13, in which it indicated that the provi-
sion of a link to a content that is freely accessible on a third-party website does not
fall within the scope of Art. 3.1 of the InfoSoc Directive. In that case, the Court
failed to address the fact that the content linked to and embedded on the defendant’s
page had been uploaded on YouTube without the authorisation of the relevant copy-
right holder. Hence, even after BestWater, C 348/13, it remained unclear what the
treatment of linking to protected content available on a third-party website and first
communicated without the consent of the relevant rightholder, i.e., unlicenced con-
tent, would be.35 Logically, if one followed the reasoning of the CJEU in Svensson
alone and fully, then linking of this kind would always be regarded as an act falling
within the scope of Art. 3.1 of the InfoSoc Directive and for linking that involves
embedding/framing, also issues of reproduction—which the CJEU has not yet
addressed—would come into consideration. The relevant rightholder, in fact, would
have had no public in mind, since they never authorised the making available of
their work in the first place. Accordingly, linking to content of this kind should be
always regarded as an act of communication to a ‘new public’. Yet, when the oppor-
tunity arose to address this particular scenario, AG Wathelet, first, and then the
CJEU, took a different direction.36
33
CJEU, Soulier and Doke, Case C 301/15, Judgment of 16 November 2016, par. 36.
34
Association Littéraire et Artistique Internationale (2014), p. 2. See also Rosén (2016), pp. 341–
347, holding that the CJEU approach in Svensson and Others, C 466/12 would be incompatible
with international law and EU directives.
35
Also, outlining the interpretative doubts left by the decisions in Svensson and Others, C 466/12
and BestWater, C 348/13, see Leistner (2015b), p. 636.
36
In their analysis, Ginsburg and Budiardjo (2018), pp. 169–170, submit that post-Svensson case
law might have reduced the centrality of the ‘new public’ criterion.
2.3 GS Media, C 160/15
This case originated as a reference for a preliminary ruling from the Dutch Supreme
Court. It had been made in the context of proceedings between the publisher of
Playboy magazine and GS Media, concerning the publication by the latter on a
website that it operated (GeenStijl) of hyperlinks to other websites hosting unpub-
lished photographs of Dutch TV personality Britt Dekker, that had been taken for a
forthcoming issue of Playboy. In 2011 (before the publication of the Playboy issue
in question), GS Media published a report containing a hyperlink to an Australian
data-storage website, where the photographs appeared to be freely accessible and
available for download.37 As explained by AG Wathelet, the report carried the title
‘[obscenity] leaked! Nude photos … Dekker’. The report, which also included part
of one of the photographs in the top left-hand corner, ended with the following
words: ‘And now the link with the pics you’ve been waiting for. Whoever [obscen-
ity] first, [obscenity] first. HERE. […]’. By clicking on a hyperlink, indicated by
‘HERE’, readers were directed to an Australian data-storage website called
Filefactory.com. By clicking on the following hyperlink, they could open a new
window that contained the button ‘DOWNLOAD NOW’. By clicking on the button,
the readers opened a file in zip format containing 11 files in pdf format, each of
which contained one of the photographs.38
Despite Sanoma’s demands, GS Media refused to remove the hyperlink in ques-
tion. Although the photographs were eventually deleted on the filefactory.com web-
site, they were subsequently made available at another online location. GS Media
published two further reports with new hyperlinks to Dekker’s photographs.
Sanoma succeeded in its actions before the Amsterdam District Court and the
Amsterdam Court of Appeal, although these courts considered different aspects.
The former held that, by posting those hyperlinks, GS Media’s conduct had been
unlawful because it encouraged visitors to GeenStijl to view the photographs unlaw-
fully posted elsewhere and which, without those hyperlinks, would have not been
easy to find. In contrast, the appellate court held that, on the one hand, GS Media
had infringed copyright by posting a cut-out of one of the photographs on its own
website but, on the other hand, had not made the photographs available to the public
by posting the hyperlinks on its website.39
The decision of the Court of Appeal was appealed before the Supreme Court,
which decided to stay the proceedings and refer the case to the CJEU for a prelimi-
nary ruling asking whether the provision on a website of a hyperlink to another
website operated by a third party, which is accessible to the general internet public
and on which works protected by copyright are made available to the public without
the authorisation of the copyright holder, constitutes an act of communication to the
37
AG Wathelet noted that whether this was the case was not entirely clear: Opinion of Advocate
General Melchior Wathelet in GS Media, C 160/15, Opinion of 7 April 2016, par. 71.
38
Ibid, par. 10.
39
GS Media, par. 17–18.
70 E. Rosati
public; the fact that the person who posts the hyperlink to a website is or ought to be
aware of the lack of consent by the copyright holder for the initial communication
of the works on that website is important for the purpose of Art. 3.1 of InfoSoc
Directive; the fact that a hyperlink has facilitated access to the works in question is
relevant in accordance with Article 3.1.
The CJEU held that the provision of a hyperlink (but it would appear that the
same reasoning may be applied to other types of links)40 to a copyright work that is
freely accessible and was initially published without the rightholder’s consent on
another website does not constitute a communication to the public, as long as the
person who posts that link does not seek financial gain and acts without knowledge
that such work has been published without a licence from the relevant rightholder.
The CJEU began its analysis with a general discussion of the preventative nature
of the right of communication to the public.41 It mentioned the lack of definition in
the body of the InfoSoc Directive and, hence, the need to refer to the objectives
pursued by this piece of EU legislation: high level of protection of authors, but also
a fair balance of contrasting rights and interests, likewise protected by the Charter
of Fundamental Rights of the European Union42 (EU Charter). Having recalled the
requirement under Art. 3.1 of the InfoSoc Directive,43 it noted how an individual
assessment is to be undertaken in specific instances by considering several comple-
mentary criteria. These are not autonomous and are interdependent, and may, in
different situations, be present to widely varying degrees. They must be applied
both individually and in their interaction with one another. One of such criteria is
the indispensable/essential role played by the user and the deliberate nature of its
intervention: the user makes an act of communication when it intervenes, in full
knowledge of the consequences of its action, to give access to a protected work to
its customers, and does so, in particular, where, in the absence of that intervention,
its customers would not, in principle, be able to enjoy the work.44 Other criteria
include: a communication using specific technical means,45 different from those
previously used or, failing that, to a ‘new public’ and the profit-making nature of the
communication. According to the court, it is in the light, in particular, of these cri-
teria that a situation like that one at issue in the background proceedings should be
assessed.46 Reviewing earlier case law, the CJEU noted how it could not be inferred
40
But cf. Leistner (2017), pp. 138–139, holding that not all links should be treated the same, in that
the provider of a framed link should be under more than a merely minimal duty to check the law-
fulness of the posted material.
41
GS Media, par. 28.
42
Charter of Fundamental Rights of the European Union, OJ C 326, 26.10.202, pp. 391–407.
43
Ibid, par. 30–32, referring to Svensson and Others, par. 16; SBS Belgium, par. 15; and Reha
Training, par. 37.
44
GS Media, par. 33–35, also referring (par. 34) to: SCF, par. 79; Phonographic Performance
(Ireland), par. 30; and Reha Training, par. 35.
45
As noted by Leistner (2015a), p. 634, the definition of the same technical means has been rather
generous in CJEU case law: for instance, on the internet all potential and different forms of com-
munication appear to constitute the same technical means.
46
from previous case law that, lacking the relevant rightholder’s consent, a link would
invariably amount to an unauthorised act of communication to the public.47
In light of this conclusion, the court made two observations. First, the internet is
of particular importance to freedom of expression and of information, and hyper-
links contribute to its sound operation, as well as to the exchange of opinions and
information in a network characterised by the very availability of immense amounts
of information. Second, it may be difficult, in particular for individuals who wish to
post such links, to ascertain whether the website to which those links are expected
to lead provides access to works that are protected and, if necessary, whether the
copyright holders of those works have consented to their posting on the internet.
Checking is all the more difficult where those rights have been subject to sub-
licences. Moreover, the content of a website to which a hyperlink enables access
may be changed after the creation of that link, including the protected works, with-
out the person who created that link necessarily being aware of it.
To determine whether the provision of a hyperlink to unlicenced content amounts
to an act of communication to the public, the CJEU considered the complementary
criteria mentioned above, notably the profit-making intention and the subjective
state of mind of the ‘hyperlinker’. According to the court, when the provision of a
hyperlink to a work freely available on another website is carried out by a person
who, in so doing, does not pursue a profit, it is necessary to consider that such per-
son is unaware that such work had been published on the internet without the con-
sent of the relevant rightholder. In other words, in such circumstances, the link
provider does not intervene in full knowledge of the consequences of their
conduct.
Conversely, the provision of a hyperlink to protected content would amount to an
act of communication to the public in the following situations. First, when the
‘hyperlinker’ knows or ought to have known that the hyperlink posted would pro-
vide access to a work unlawfully placed on the internet, for example owing to the
fact that it was notified to this effect by the relevant rightholder. Second, when the
hyperlink at issue allows users of the website on which they are posted to circum-
vent the restrictions taken by the site where the protected work is posted to restrict
the public’s access to its own subscribers.48 While the latter scenario appears to lead
to a finding of copyright infringement, the same may not be also true in relation to
the former. In fact, as the CJEU explained at paragraph 53, liability of the ‘hyper-
linker’ would follow not only from knowledge that the content linked to is unli-
cenced, but also from the impossibility to invoke successfully a defence allowed by
Art. 5.3 of the InfoSoc Directive and available under the applicable national copy-
right regime.49
The court also added a presumptio iuris tantum, i.e., rebuttable: when the posting
of hyperlinks is carried out for profit, it can be expected that the person who posted
such a link carries out the necessary checks to ensure that the work concerned is not
47
Ibid, par. 43.
48
49
Ibid, par. 53.
72 E. Rosati
illegally published on the website to which those hyperlinks lead, so that it must be
presumed that posting has occurred with the full knowledge of the protected nature
of that work and the possible lack of consent to publication on the internet by the
copyright holder.50
In the case at hand, the defendant provided the hyperlinks for profit, yet knowing
that the photos had been published without the copyright holders’ permission. The
Court found that a situation of this kind would be clearly one of prima facie copy-
right infringement,51 although it failed to clarify whether the profit-making intention
should relate to the provision of the link per se or, rather, the overall context in
which the link is provided. Should one consider whether the relevant link is pro-
vided with the intention to make a profit? Or should rather one consider the sur-
rounding environment to the relevant link, e.g., whether it is provided on a website
that is operated for profit? Although both alternatives appear plausible, as detailed
above (Sect. 2.1), consideration of the context in which the relevant link is provided
appears to be more in line with earlier CJEU case law.
Following the CJEU decision in GS Media, C 160/15, the legal treatment of link-
ing under Art. 3.1 of the InfoSoc Directive is summarised in the table below52:
Content
published with Profit- Knowledge that Act of
Accessibility rightholder’s making content linked communication Potential
of content consent intention to is unlawful to the public infringement
Freely Yes n/a n/a No (Svensson, No
accessible GS Media)
Not freely Yes n/a n/a Yes (BestWater, Yes
accessible GS Media)
Freely No No No No (GS Media) No
accessible
Freely No No Yes (e.g., Yes (GS Media) Yesa
accessible because
notified)
Freely No Yes Presumed Yes (GS Media) Yesa
accessible (rebuttable
presumption)
Not freely No n/a n/a Yes Yes
accessible
a
If rightholder notifies link provider (without prior knowledge of unlawfulness) that the content
linked to is unlawful and the latter refuses to remove the link and exceptions and limitations in Art.
5.3 of the InfoSoc Directive are inapplicable
50
Ibid, par. 51.
51
Ibid, par. 54.
52
This table was first published in Rosati (2016).
3 Linking after GS Media, C 160/15, Before National Courts
On linking, national applications demonstrate diverging approaches to the interpre-

tation of relevant CJEU case law or resistance tout court. This has been particularly
the case of the presumption of knowledge for for-profit link providers, as envisaged
in GS Media, C 160/15: should the profit-making intention be referred to the act of
linking as such (as the Athens Court of Appeal held in 201753) or, rather, the context
in which the link is provided?
3.1 Sweden
The first national court to apply this CJEU decision was the Attunda District Court
(Sweden) in 2016.54 In 2012, the claimant realised a video that was subsequently
uploaded by a third party on YouTube without her authorisation. The defendant
embedded the video on its own website in the context of an article describing the
content of the incident portrayed in the video. In her action, the claimant submitted
that the defendant had infringed copyright in her video by both embedding it and
publishing a frozen still of the video on its website. Considering whether the provi-
sion of an embedded link to content whose publication on a third-party site has not
been authorised would amount to a copyright infringement, the Attunda court found
that the GS Media presumption relates to the context in which the link is provided.
In the case at issue, it was apparent that the defendant’s press publication had pub-
lished the link to the claimant’s YouTube video with the intention of pursuing a
profit. According to the court, the defendant had not been able to demonstrate that it
had no knowledge of the unlicenced character of the video embedded on its website.
Hence, it was found to have infringed the claimant’s copyright by linking to the
YouTube video without the claimant’s permission.
3.2 Germany
Following Sweden, still in 2016, it was the turn of the Regional Court of Hamburg
(Germany) to provide the first application (by means of an interim decision55) of GS
Media, C 160/15. In that case, the German court reasoned along lines similar to the
Attunda court in Sweden, holding that the presumption of knowledge refers to
53
Court of Appeal of Athens, decision No 1909/2017 (18th section), on which see Chiou (2017).
54
Attunda Tingsrätt, Jonsson v Les Éditions de l’Avenir SA, FT 11052-15, 13.10.2016, on which
see Malovic and Haddad (2017), pp. 89–90.
55
LG Hamburg, 310 O 402/16, on which see Brüß (2016) and Abrar (2016).
74 E. Rosati
for-profit contexts, rather than individual links provided with a profit-making

intention.
Despite a similar approach being followed in the Czech Republic,56 subsequent
decisions in Germany have, however, appeared to take a rather different direction.
Thus, in its 2017 decision concerning copyright content displayed on Google
Images by means of thumbnails,57 Germany’s Federal Court of Justice dismissed the
action that the operator of a photography website had brought against Google and
its search engine. The former operated a website that included a restricted (password-
protected) area to which customers could only access upon payment of a fee. Some
of the photographs hosted in the restricted area were re-uploaded unlawfully by
customers onto freely accessible websites. Relevant thumbnails were subsequently
indexed on Google Images from such freely accessible sites. According to the
claimant, by indexing and displaying thumbnails of the photographs to which it
owns the copyright, Google had infringed its own exclusive right of communication
to the public pursuant to the right of communication to the public within §15(2) of
the German Copyright Act (Urheberrechtsgesetz—UrhG).
The Federal Court of Justice held that Google had not infringed the claimant’s
copyrights by displaying thumbnails of and links to photographs publicly available
on the internet without the rightholder’s consent. To reach this conclusion, the court
considered that in GS Media, C 160/15, the CJEU had stressed the importance of
the internet to freedom of expression and of information: hyperlinks contribute to its
sound operation, as well as to the exchange of opinions and information in that
network characterised by the availability of immense amounts of information.
Although GS Media, C 160/15, envisages a presumption of knowledge for for-profit
link providers, such a presumption would not apply to search engines and for links
displayed by search engines, because of the particular importance of these subjects
to the functioning of the internet. Accordingly, the provider of a search function
cannot be expected to check the lawfulness of the images automatically retrieved
from publicly accessible websites. An approach critical of CJEU linking case law
may be also discerned in two further cases decided by German courts.
In a case concerning liability of the operator of a product search engine, the
Regional Court of Hamburg ruled that the simple linking of a work hosted on a
third-party site by way of ‘framing’ does not constitute an act of communication to
the public.58 The decision originated in the context of proceedings brought against
the operator of a product search engine that listed furniture and home accessories
for sale by the operator of a website on which it offered photos and products dis-
played by photographs (to which it owned the rights) depicting a pug dog named
Loulou. The claimant discovered that the defendant’s website also displayed among
the various results a listing for a cushion (available for sale on Amazon) that repro-
duced—without his permission—one of its photographs. He submitted that, by
56
District Court for Prague 4, 33 T 54/2016, on which see Vivoda (2017), pp. 363–364.
57
Bundesgerichtshof, I ZR 11/16 - Preview III.
58
LG Hamburg, 308 O 151/17.
d isplaying this result, the defendant had made unauthorised acts of making avail-
able and communication to the public.
The Hamburg court dismissed the action, holding that the simple linking of a
work hosted on a third-party site by way of ‘framing’ does not constitute an act of
making available to the public within §19a UrhG. The only provision that might
come into consideration would thus be the ‘unnamed’ right of communication to the
public within §15(2) UrhG. To determine whether that would be actually the case,
the court deemed it necessary to review relevant CJEU case law on Article 3.1 of the
InfoSoc Directive. The court excluded that there would be a communication to the
public in the case at issue. Although the requirement of the ‘new public’ was met,
the act at issue would not take place with the indispensable intervention of the
defendant. According to the court, the defendant in this case—although operating
for a profit—had neither positive knowledge of the unlawfulness of the offer dis-
played through its search engine, nor could it have acquired knowledge of the offer’s
unlawfulness in a reasonable way.
The links displayed were created through a completely automated process and
the relevant offers were not subject to any editing or other manual control. Hence, it
could not be assumed that the defendant had knowledge that the offer at issue incor-
porated content that would infringe the claimant’s rights. In addition, upon becom-
ing aware of the unlawfulness of the listing, the defendant promptly removed it.
Considering that the defendant’s databank contained 50 million offers, it would
have been unreasonable to expect that every single link be checked beforehand. In
the event of (several) completely automated processes, the GS Media presumption
could not apply in relation to each and every link. Referring to the Opinion of AG
Szpunar in Stichting Brein, C 610/15,59 the court concluded that holding otherwise
would extend liability to every imaginable far-removed contribution because of
negligible lack of knowledge and, therefore, based on merely fictitious intention.
This would also be contrary to Art. 16 of the EU Charter.
The Regional Court of Hamburg also decided another case in 2017 in which
issues of linking and copyright protection were at issue.60 It held that there is no act
of communication to the public within §§ 15(2) UrhG and 19a UrhG if a person who
links to protected content without the relevant rightholder’s permission is unaware
that such content is unlawful. Even if the link provider has a profit-making inten-
tion, there should be no presumption that they had awareness that the content linked
to was unlawful if they operate in a context in which it would be unreasonable to
expect that checks be performed to ensure that the content linked to is (and remains)
lawful. In the case at issue, the defendant’s linking activities were performed algo-
rithmically and, similarly to the other decision, also in this instance the infringing
content (again a product allegedly reproducing a photograph depicting pug dog
Loulou) linked to was available on Amazon.de. The defendant had no actual aware-
ness that the content linked to was unlawful, nor was its unlawful nature r ecognisable
59
Opinion of Advocate General Maciej Szpunar in Stichting Brein, C 610/15, Opinion of 8
February 2017.
60
LG Hamburg, 310 O 117/17.
76 E. Rosati
at the outset. Also a relevant aspect was the fact that to be able to offer products for
sale on Amazon, merchants have to agree to the platform’s terms of use, including
declaring that they own the copyright to the images displayed.
In its decision, the Hamburg Court held that the GS Media presumption of
knowledge cannot be considered as indistinctly applicable: instead, it should be
only relevant in situations in which the link provider/defendant may be expected to
carry out the necessary checks to determine the status—lawful or unlawful—of the
content linked to. The court acknowledged that GS Media, C 160/15, mandates a
generally applicable presumption for links posted out of profit. However, a conclu-
sion of this kind would contradict what is stated at paragraph 34 of GS Media, C
160/15, itself, i.e., that the assessment of whether a link provider can be liable under
Art. 3.1 of the InfoSoc Directive must be individualised and take account of several
complementary criteria that may, in different situations, be present to widely vary-
ing degrees. In a case like the one at issue, it would be therefore ‘unreasonable’ and
‘economically unjustifiable’ to expect that the defendant carries out such checks in
relation to each and every content (automatically) linked to, including content
hosted on a platform like Amazon. The defendant’s business model—including the
fact that the content is not ‘incorporated’ to look as the defendant’s own content—is
such that no specific searches for unlawfulness can be expected. Holding otherwise
would not only be unreasonable, but also amount to an undue compression of the
fundamental freedom to conduct a business, pursuant to Article 16 of the EU
Charter.
4 Conclusion: Clarity Still Needed
In the aftermath of the CJEU decision in GS Media, C 160/15, it appears that, on the
one hand, courts have adopted different approaches to the presumption of knowl-
edge envisaged by the CJEU in its ruling and, on the other hand, the scope of appli-
cation of CJEU case law has not been considered devoid of difficulties. This has
been particularly the case of German courts: the decisions discussed above show
how courts in that EU Member State, instead of holding the presumption rebutted in
the specific instance considered (as it appears to be the approach required under GS
Media, C 160/15), held against its applicability tout court, on grounds of reason-
ableness and by placing significant emphasis on the fundamental rights dimension.
Fears that the relationship between copyright protection and freedom to conduct a
business might be unbalanced in favour of the former were acutely felt. This—
together with considerations relating to the proper construction of the right of com-
munication to the public, including the requirement of an individualised
assessment—arguably prompted the courts to depart from what a strict application
of GS Media, C 160/15, would instead require.
References
Abrar S (2016) GS Media finds its first application in Germany. Available via The IPKat. http://
ipkitten.blogspot.com/2016/12/gs-media-finds-its-first-application-in.html
Arezzo E (2014) Hyperlinks and making available right in the European Union - what future for
the Internet after Svensson? IIC 45(5):524
Association Littéraire et Artistique Internationale (2013) Report and Opinion on the making avail-
able and communication to the public in the internet environment – focus on linking techniques
on the Internet. ALAI. http://www.alai.org/en/assets/files/resolutions/making-available-right-
report-opinion.pdf
Association Littéraire et Artistique Internationale (2014) Opinion proposed to the Executive
Committee and adopted at its meeting, 17 September 2014 on the criterion “New Public”,
developed by the Court of Justice of the European Union (CJEU), put in the context of mak-
ing available and communication to the public. ALAI. http://www.alai.org/en/assets/files/
resolutions/2014-opinion-new-public.pdf
Brüß M (2016) CJEU GS Media decision finds its first application in Germany. Available via The
1709 Blog. http://the1709blog.blogspot.com/2016/12/cjeu-gs-media-decision-finds-its-first.
html
Chiou T (2017) Athens Court of Appeal applies CJEU GS Media linking decision and inter-
prets ‘profit-making intention’ restrictively. Available via The IPKat. http://ipkitten.blogspot.
com/2017/11/athens-court-of-appeal-applies-cjeu-gs.html
CJEU, Airfield NV, Canal Digitaal BV v Belgische Vereniging van Auteurs, Componisten en
Uitgevers CVBA (Sabam) (C 431/09) and Airfield NV v Agicoa Belgium BVBA (C 432/09),
Case C 431/09 and C 432/09, Judgment of 13 October 2011
CJEU, AKM v Zürs.net Betriebs GmbH, Case C 138/16, Judgment of 16 March 2017
CJEU, BestWater v Michael Mebes and Stefan Potsch, C 348/13, Judgment of 21 October 2014;
CJEU, C More Entertainment AB v Linus Sandberg, Case C 279/13, Judgment of 26 March 2015;
CJEU, Circul Globus Bucureşti v Uniunea Compozitorilor şi Muzicologilor din România –
Asociaţia pentru Drepturi de Autor (UCMR – ADA), Case C 283/10, Judgment of 24 November
2011
CJEU, Football Association Premier League Ltd and Others v QC Leisure and Others (C 403/08)
and Karen Murphy v Media Protection Services Ltd (C 429/08), Joined cases C 403/08 and C
429/08, Judgment of 4 October 2011
CJEU, GS Media v Sanoma Media Netherlands BV and Others, Case C 160/15, Judgment of 8
September 2016
CJEU, ITV Broadcasting v TV Catchup Ltd, Case C 607/11, Judgment of 7 March 2013
CJEU, Land Nordrhein-Westfalen v Dirk Renckhoff, Case C 161/17, Judgment of 7 August 2018
CJEU, Organismos Sillogikis Diacheirisis Dimiourgon Theatrikon kai Optikoakoustikon Ergon v
Divani Anonimi Xenodocheiaki kai Touristiki Etaireia, Case C 136/09, Judgment of 18 March
2010
CJEU, OSA v Léčebné lázně Mariánské Lázně a.s., Case C 351/12, Judgment of 27 February 2014;
CJEU, Phonographic Performance v Ireland, Attorney General, Case C 162/10, Judgment of 15
March 2012
CJEU, Reha Training Gesellschaft für Sport- und Unfallrehabilitation mbH v Gesellschaft für
musikalische Aufführungs- und mechanische Vervielfältigungsrechte eV (GEMA), Case C
117/15, Judgment of 31 May 2016
CJEU, SBS Belgium v Belgische Vereniging van Auteurs, Componisten en Uitgevers (SABAM),
CJEU, SCF v Marco Del Corso, Case C 135/10, Judgment of 15 March 2012
CJEU, SGAE v Rafael Hoteles SA, Case C 306/05, Judgment of 7 December 2006
CJEU, Sociedade Portuguesa de Autores CRL v Ministério Público and Others, Case C 151/15,
Judgment of 14 July 2015
CJEU, Stichting Brein v Jack Frederik Wullems, Case C 527/15, Judgment of 26 April 2017
CJEU, Stichting Brein v Ziggo BV and XS4All Internet BV, Case C 610/15, Judgment of 14 June
2017
78 E. Rosati
CJEU, Svensson and Others v Retriever Sverige AB, Case C 466/12, Judgment of 13 February
2014
CJEU, VCAST Limited v RTI SpA, Case C 265/16, Judgment of 29 November 2017
Clark B, Dickinson J (2017) Theseus and the labyrinth? An overview of “communication to the
public” under EU copyright law: after Reha Training and GS Media where are we now and
where do we go from here? Eur Intellect Prop Rev 39(5):265
Clark B, Tozzi S (2016) “Communication to the public” under EU copyright law: an increasingly
Delphic concept or intentional fragmentation? Eur Intellect Prop Rev 38(12):715
European Copyright Society (2013) Opinion on the Reference to the CJEU in Case C 466/12
Svensson. ECS. https://europeancopyrightsocietydotorg.files.wordpress.com/2015/12/euro-
pean-copyright-society-opinion-on-svensson-first-signatoriespaginatedv31.pdf
Ginsburg JC (2014) Hyperlinking and infringement: the CJEU decides (sort of).
The Media Institute. https://www.mediainstitute.org/2014/03/17/hyperlinking-
and-infringement-the-cjeu-decides-sort-of/
Ginsburg JC, Budiardjo LA (2018) Liability for providing hyperlinks to copyright-infringing con-
tent: international and comparative law perspectives. Columbia J Law Arts 41:153
Hugenholtz PB, Van Velze SC (2016) Communication to a new public? Three reasons why EU
copyright law can do without a “new public”. IIC 47(7):797
Karapapa S (2017) The requirement for a “new public” in EU copyright law. Eur Law Rev 42(1):63
Koo J (2018) Away we Ziggo: the latest chapter in the EU communication to the public story. J
Intellect Prop Law Pract 13(7):542
Leistner M (2015a) Copyright at the interface between EU law and national law: definition of
“work” and “right of communication to the public”. J Intellect Prop Law Pract 10(8):626
Leistner M (2015b) Copyright law on the internet in need of reform: hyperlinks, online platforms
and aggregators. J Intellect Prop Law Pract 12(2):136
Leistner M (2017) Closing the book on the hyperlinks: brief outline of the CJEU’s case law and
proposal for European legislative reform. Eur Intellect Prop Rev 39(6):327
Malovic N, Haddad P (2017) Swedish court finds that an embedded link to unlicensed content
infringes copyright. J Intellect Prop Law Pract 12(2):89
McBride P (2017) The “new public” criterion after Svensson: the (ir)relevance of website terms
and conditions. Intellect Prop Q 3:262
Mysoor P (2013) Unpacking the right of communication to the public: a closer look at interna-
tional and EU copyright law. Intellect Prop Q 2:166
Rendas T (2017) How Playboy photos compromised EU copyright law: the GS Media judgment.
J Internet Law 20:11
Rosati E (2016) Linking after GS Media … in a table. Available via The IPKat. http://ipkitten.
blogspot.com/2016/09/linking-after-gs-media-in-table.html
Rosati E (2017b) The CJEU Pirate Bay judgment and its impact on the liability of online plat-
forms. Eur Intellect Prop Rev 39(12):737
Rosati E (2017a) GS Media and its implications for the construction of the right of communication
to the public within EU copyright architecture. Common Mark Law Rev 54(4):1221
Rosén J (2016) How much communication to the public is ‘communication to the public’? In:
Stamatoudi IA (ed) New developments in EU and international copyright law. Wolters Kluwer,
Alphen aan den Rijn
Synodinou TE (2017) Decoding the Kodi box: to link or not to link? Eur Intellect Prop Rev
39(12):733
Vivoda J (2017) Czech court finds that linking to unlicensed content does not infringe copyright if
the website is not operated for profit. J Intellect Prop Law Pract 12(5):363
Walter MM, von Lewinski S (eds) (2010) European copyright law – a commentary. Oxford
University Press, Oxford
World Intellectual Property Organization (2003) Guide to copyright and related rights treaties
administered by WIPO and glossary of copyright and related rights terms. https://www.wipo.
int/publications/en/details.jsp?id=361&plang=EN / CC BY https://creativecommons.org/
licenses/by/3.0/igo/
Chapter 4
Forcing Flexibility with Fundamental
Rights: Questioning the Dominance
of Exclusive Rights
Bernd Justin Jütte
Abstract The European copyright rules systematically favor a dominance of exclu-

sive rights over permitted uses. Many of such uses are rooted in fundamental rights,
but the limited nature of exceptions and limitations prevents the exercise of funda-
mental rights in certain circumstances. The German Federal Supreme Court has
questioned this imbalance with three preliminary references, the potential impacts
of which are discussed in this chapter.
The Court of Justice of the European Union (CJEU) has used teleological argu-
ments to safeguard the efficiency of the library exception under Art. 5.3(n) of the
InfoSoc Directive (Directive 2001/29/EC) and to enable the resale of computer soft-
ware under Art. 5.1 of the Software Directive (Directive 2009/24/EC). A general
discourse in the decisions of the CJEU on the influence of fundamental rights on the
interpretation of limitations and exceptions is still absent. The paper discusses the
pending preliminary references in the German “Metall auf Metall III”,
“Reformistischer Aufbruch”, and “Afghanistan Papiere” litigations and their poten-
tial relevance for the legality of Art. 5 of the InfoSoc Directive. It examines the
arguments of the German Constitutional Court and the Federal Supreme Court to
identify problems with the current system of limitations and exceptions for uses of
protected works in the light of fundamental rights, suggesting that the current sys-
tem of limitations and exceptions throughout the copyright acquis does not reflect
sufficient respect for fundamental rights. Possible scenarios are discussed. Either
the Court could propose a more flexible interpretation of the copyright rules, or it
could create mechanisms that would permit setting aside copyright rules in cases
that are justified by fundamental rights.
B. J. Jütte (*)
School of Law, University of Nottingham, Nottingham, UK
Vytautas Magnus University, Kaunas, Lithuania
e-mail: bernd.jutte@nottingham.ac.uk

https://doi.org/10.1007/978-3-030-25579-4_4
80 B. J. Jütte
1 Introduction
The development of the European Union (EU) copyright rules has traditionally been
driven by fundamental freedoms, policy considerations, and international obliga-
tions. Fundamental rights have lingered outside the spotlight of copyright for many
years. Only more recently, the role of fundamental rights in the application and
interpretation of the EU copyright rules has become à la mode, with academics
arguing for a more influential role of what are, after all, general principles of the EU
law.1 Crucial elements in these discussions have been exceptions and limitations
(E&L) to copyright, as they often serve to permit uses that are rooted in and justified
by fundamental rights.
A general dissatisfaction with the current state of EU copyright law in general
and E&L in particular has driven commentators to look for legal release valves that
could take the pressure from overstretched rules which have often failed to give
clear and satisfactory answers to questions raised by the application of relatively old
rules to new technological developments. The intensive discussions about the
hyperlinking saga serve as one of the prime examples of judicial flexibility and
attempts by the courts to fit modern forms of communication into the legal straight-
jacket of copyright law at EU level.2
However, E&L have remained largely immune from disruptive judicial interfer-
ence, with a few notable exceptions. These “fierce creatures” of copyright law3 are
subject to a strict interpretation that limits their flexible application. Occasionally,
however, the CJEU has exercised more discretion than usual to guarantee the effec-
tiveness of the EU copyright rules.4 However, the Court has also used exceptions to
1
Geiger (2004b, 2006, 2009), Griffiths and McDonagh (2013), Peukert (2015), Geiger and
Izyumenko (2014); specifically for the right to freedom of expression: Ducoulombier (2015), Jütte
(2016).
2
CJEU, Nils Svensson and Others v Retriever Sverige AB, C466/12, Judgment of 13 February
2014; CJEU, BestWater International GmbH v Michael Mebes and Stefan Potsch, Case C 348/13,
Order of 21 October 2014; CJEU, GS Media BV v Sanoma Media Netherlands BV and Others,
Case C 160/15, Judgment of 08 September 2016; CJEU, Stichting Brein v Jack Frederik Wullems,
Case C 527/15, Judgment of 26 April 2017; CJEU, Stichting Brein v Ziggo BV and XS4All Internet
BV, Case C 610/15, Judgment of 14 June 2017.
3
Hugenholtz (1997), the precise nature of E&L has not been settled yet, whether they constitute
mere exceptions to exclusive rights, or whether they constitute rights of users that are on equal
footing with exclusive rights, cf. Kur (2008), Geiger (2004a).
4
See, for example, CJEU, Football Association Premier League Ltd and Others v QC Leisure and
Others (C 403/08) and Karen Murphy v Media Protection Services Ltd (C 429/08), Joined cases C
403/08 and C 429/08, Judgment of 4 October 2011, par. 163, where the Court supplemented the
general standard of a strict interpretation for E&L with an interpretation that must “enable the
effectiveness of the exception”. It suggested this double standard for E&L with reference to Recital
31 of the InfoSoc Directive (Directive 2001/29/EC of the European Parliament and of the Council
of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the
information society, OJ L 167, pp. 10–19), which requires that a fair balance between the different
classes of right holders and users must be struck. In the CJEU, Infopaq International A/S v Danske
Dagblades Forening, Case C 5/08, Judgment of 19 July 2009, par. 56, the judgment of which was
4 Forcing Flexibility with Fundamental Rights: Questioning the Dominance… 81
push what seemed normative preferences.5 This flexibility, naturally, finds its bor-
ders in the absence of an applicable exception for a particular use. However, there
are uses currently not covered by the exceptions under any of the EU copyright
directives that can arguably be justified based on fundamental rights. These are
cases where a rough balancing exercise would at least leave room for the suggestion
that the exclusive rights as fundamentally protected property rights under the
Charter of Fundamental Rights of the European Union (EU Charter)6 and the
European Convention on Human Rights (ECHR)7 should give way to other interest
of individual or the public. Three such cases have been referred to the CJEU by way
of a request for a preliminary ruling by the German Federal Supreme Court (BGH)
in May 2017.
Before exploring the three cases in detail and entering into a deeper analysis of
their potential impact, the current role of fundamental rights in EU copyright law is
briefly outlined to illustrate how fundamental rights have influenced EU copyright
so far.
2 Fundamental Rights in EU Copyright: So Far
The EU copyright rules reflect a balance that has been struck by the European leg-
islator.8 This balance mitigates between the interests of right holders and users and
is, inter alia, informed by fundamental rights, presumably as part of the interests of
handed down a mere three months earlier, the CJEU had still restricted itself to interpret E&L
strictly.
5
Beyond a relatively extensive interpretation of the “necessary-for-use” exception of Article 5.1 of
the Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2009 on the
legal protection of computer programs, OJ L 111, pp. 16–22 (“Software Directive”) in the CJEU,
UsedSoft GmbH v Oracle International Corp., Case C 128/11, Judgment of 03 July 2012, the
CJEU has introduced an “ancillary” exception to the reproduction right in CJEU, Technische
Universität Darmstadt v Eugen Ulmer KG, Case C 117/13, Judgment of 11 September 2014.
6
See the Charter of Fundamental Rights of the European Union, OJ C 326, 26.10.202, pp. 391–
407, Art. 17.2.
7
See, Art. 1 of the 1st Protocol to the Convention for the Protection of Human Rights and
Fundamental Freedoms (1950) 213 UNTS 222.
8
This is expressed in Recital 31 of the InfoSoc Directive, which states that “[a] fair balance of
rights and interests between the different categories of rightholders, as well as between the differ-
ent categories of rightholders and users of protected subject-matter must be safeguarded.” In this
spirit, it must be assumed that the provisions of the directives have been drafted. There is, however,
not reference to such a balance in other directives of the copyright acquis that include substantive
rules. Only the relatively recent Portability Regulation (Regulation (EU) 2017/1128 of the
European Parliament and of the Council of 14 June 2017 on cross-border portability of online
content services in the internal market, OJ L 168, 30.6.2017, pp. 1–11) refers to the necessity to
strike a balance between the interest of right holders to have their rights protected and the funda-
mental freedoms of the TFEU (Recital 11). The first draft of the new Copyright Directive (Proposal
for a Directive of the European Parliament and of the Council on copyright in the Digital Single
Market COM (2016) 593 final) suggests that “[t]he exceptions and the limitation set out in this
82 B. J. Jütte
the two groups.9 This view is also mirrored in the CJEU’s jurisprudence when the
Luxembourg Court refers to fundamental rights in relation to the EU copyright
rules.10 Member States (MS), the Court has frequently stated, must take fundamen-
tal rights into consideration when implementing and applying the provisions of the
copyright directives.11 This is in line with the case-law of the CJEU on the applica-
tion of fundamental rights in general.12
In its first reference to fundamental rights under the current EU copyright rules,
the CJEU ruled in Luksan that the principal director of a cinematographic work may
not be deprived of her property right that she lawfully acquired by virtue of EU
legislation.13 This ruling underlines the CJEU’s position that the balance of interests
is duly reflected in the copyright acquis and that these rules further consider the
fundamental rights involved. Subsequently, fundamental rights have been regularly
invoked in cases relating to copyright enforcement in relation to intermediary liabil-
ity. For example, in the Scarlet Extended v Netlog,14 the Court found that the rele-
vant directives, read in the light of fundamental rights under the EU Charter, would
not permit the ordering of an injunction that would oblige an intermediary to install
an overly strict monitoring or filtering system, respectively.15 Again, the Court used
fundamental rights to supplement an interpretation of the applicable rules to achieve
Directive seek to achieve a fair balance between the rights and interests of authors and other
rightholders on the one hand, and of users on the other.” (Recital 6).
9
Although the Directive only mentions fundamental principles, it makes express reference to the
fundamental rights of “property, including intellectual property, and freedom of expression”, and
also includes “the public interest” (Recital 3, the InfoSoc Directive).
10
See, e.g., CJEU, Martin Luksan v Petrus van der Let, Case C 277/10, Judgment of 9 September
2012, paras. 68-71; CJEU, Productores de Música de España (Promusicae) v Telefónica de España
SAU, Case 275/06, Judgment of 29 January 2008, paras. 61-70; CJEU, Belgische Vereniging van
Auteurs, Componisten en Uitgevers CVBA (SABAM) v Netlog NV, Case C 360/10, Judgment of 16
June 2012, paras. 39-44; CJEU, Johan Deckmyn and Vrijheidsfonds VZW v Helena Vandersteen
and Others, Case C 201/13, Judgment of 03 September 2014, paras. 25-30; CJEU, UPC Telekabel
Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproducktionsgesellschaft mbH, Case
C 314/12, Judgment of 27 March 2014, paras. 42-64.
11
See, e.g., UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega
Filmproducktionsgesellschaft mbH, par. 46; CJEU, Copydan Båndkopi v Nokia Danmark A/S,
Case C 463/12, Judgment of 05 March 2015, par. 31; Johan Deckmyn and Vrijheidsfonds VZW v
Helena Vandersteen and Others, par. 34.
12
CJEU, Åklagaren v Hans Åkerberg Fransson, Case C 617/10, Judgment of 26 February 2013;
CJEU, Stefano Melloni v Ministerio Fiscal, Case C 399/11, Judgment of 26 February 2013; CJEU,
Maximillian Schrems v Data Protection Commissioner, Case C 362/14, Judgment of 06 October
2015.
13
Cf. Article 1.5 Directive 93/83; Martin Luksan v Petrus van der Let, paras. 68-70.
14
For an extensive commentary of the judgment, see Husovec (2016), in particular pp. 256 et seq;
see further, UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega
Filmproducktionsgesellschaft mbH, paras. 42-64.
15
Case C 70/10, Judgment of 24 November 2011; Belgische Vereniging van Auteurs, Componisten
en Uitgevers CVBA (SABAM) v Netlog NV.
an outcome that balances all interests involved.16 Considering the status of funda-
mental rights as general principles of EU law, it can be argued that the rules already
reflected such a balance and fundamental rights merely help to identify or to recall
it. In two further enforcement cases, the CJEU ruled that internet access providers
cannot be obliged to surrender user data in civil proceedings to identify potential
copyright infringers,17 whereas in Coty Germany, it concluded that a provision of
national law that prevented banking institutions to provide the data of account hold-
ers to identify trademark infringers violates the fundamental rights to an effective
judicial remedy and, consequently, the fundamental right to property of the right
holder.18
In Deckmyn, the CJEU was asked to strike the balance between the interest of
the right holder and the user of a protected work in the context of the parody excep-
tion under Art. 5.3(k) of the InfoSoc Directive.19 When defining its scope, the Court
also stated that when applying the exception the courts of the MS must preserve a
fair balance, which requires consideration of a variety of factors, including funda-
mentals rights.20 This suggests that even within the acquis, the balance between
fundamental rights is not ultimately determined, but requires an assessment in every
individual case.
The European Court of Human Rights (ECtHR) has followed a similar line when
it allowed states to exercise a wide margin of discretion when balancing competing
fundamental rights. In Ashby Donald21 and in The Pirate Bay22 the Strasbourg Court
came down on the side of right holders and did not find an unjustified violation of
Art. 10 ECHR. At the same time, the ECtHR confirmed its settled case-law, pursu-
ant to which Member States enjoy a wide margin of discretion when striking the
balance between the right to (intellectual) property and the right to freedom of
expression.23 In effect, in times where the relation between the two European courts
is still unclear, this gives EU MS the liberty to align their copyright rules with the
EU copyright acquis, and indeed they are obliged to do so, while fulfilling with their
obligations under the ECHR. The implementation of the rules into national law,
which are considered in their respective areas of application to create full
16
The fundamental rights the CJEU made reference to were the right to property and the right to
conduct a business (par. 46), and the right to the protection of personal data and the right to receive
information (par. 50).
17
Promusicae v Telefónica de España SAU.
18
CJEU, Coty Germany GmbH v Stadtsparkasse Magdeburg, Case C 580/13, Judgment of 16 July
2015.
19
harmonisation of certain aspects of copyright and related rights in the information society, O JL
20
Johan Deckmyn and Vrijheidsfonds VZW v Helena Vandersteen and Others, paras. 25-30.
21
ECtHR, Ashby Donald and other v France, App No 36769/08, 10 January 2013.
22
ECtHR, Fredrik Neij and Peter Sunde Kolmisoppi (The Pirate Bay) v Sweden, App No 40397/12,
19 February 2013.
23
See for commentary, e.g., Geiger and Izyumenko (2014), Izyumenko (2016), p. 116; Jütte
(2016), pp. 14–17.
84 B. J. Jütte
h armonization, can then be argued to constitute the exercise by the EU legislator on

behalf of the MS of the almost proverbial wide margin of discretion.24 However, full
harmonization also means that MS are no longer able to deviate from the rules
imposed by EU legislation. This leaves them without much, if any, flexibility, or at
least limits it to those little pockets of liberty that the EU copyright rules leave.25
Indeed, the interpretation the CJEU has given to the EU copyright rules in the
light of fundamental rights seems to suggest that the European legislature has exer-
cised this wide margin of discretion as an exercise of its competence in intellectual
property law,26 thus enabling the national and European judiciaries to implement the
balance reflected in the rules by way of judicial interpretation.
3 Fundamental Rights Out of the Box
Although it is disputed how much flexibility the EU copyright rules leave for
national legislators, it is commonly agreed that flexibility within the harmonized
areas is not extensive. However, flexibility is necessary to accommodate new,
technology-enabled uses. A strict and inflexible system of E&L shifts the balance in
favor of right holders whose exclusive rights enjoy a high level of protection,27
whereas users of protected works and related rights suffer from a static system of
E&L which is only rarely, although sometimes creatively, adapted by the judiciary.28
Thus, MS do not retain competence to adjust the balance on their own initiative with
national legislation. In theory, within the normative framework of the EU copyright
rules, major adjustments must be made by the EU legislator.
To date, national courts have asked, or led the Court to discuss, how fundamental
rights influence the interpretation of rights and exceptions in copyright law. The
Court has, because of this non-conflictual approach, developed a jurisprudence
which suggests that the EU copyright rules are reconcilable with fundamental
rights. A finding of incompatibility has not been made and, so far, not extreme con-
flicts were subject to intense discussion in front of the CJEU. The Court was further
never asked directly whether certain provisions of the EU copyright rules are
24
EctHR, Handyside v the United Kingdom, App No 5493/72, par. 48, 7 December 1976; ECtHR
(5th section), 10 January 2013, case of Ashby Donald and other v. France, Appl. nr. 36769/08,
para. 38.
25
Rosati (2014b), the author argues that little flexibility exists in the harmonized areas (esp. exclu-
sive rights and E&L) and flexibility exists for MS only in areas that have not been subject to har-
monization at EU level; Hugenholtz and Senftleben (2011), the latter argue that the EU copyright
rules do indeed leave room for flexibility in the area of E&L.
26
See on the EU’s competence for copyright: Ramalho (2014).
27
Recital 4 of the InfoSoc Directive, reiterated in, Infopaq International A/S v Danske Dagblades
Forening, par. 40; Football Association Premier League Ltd and Others v QC Leisure and Others
and Karen Murphy v Media Protection Services Ltd, par. 186.
28
See e.g. Technische Universität Darmstadt v Eugen Ulmer KG.
c ompatible with fundamental rights.29 This has changed with the three preliminary
references made by the BGH in May 2017. In the absence of a possibility to resolve
apparent conflicts within the national rules as harmonized by EU law,30 the German
BGH has turned to the CJEU for guidance.
3.1 Three German References
In May 2017, the BGH made three references that seek clarification on the ques-
tions how fundamental right fit with the EU copyright rules and whether there is
space for uses arguably justified by fundamental rights outside the EU copyright
acquis. The three references deal with music sampling (Pelham31), leaked reports on
the German military mission in Afghanistan (Funke Medien32), and the online pub-
lication by a newspaper of a scientific article without the consent of the author
(Spiegel Online33). In all three cases, the owner of the copyright or related rights
sought to prevent acts that can be considered expressive to different degrees.
In Spiegel Online, the claimant in the proceedings is a member of the German
Parliament (Volker Beck, German Green Party) who had written a contribution to an
edited volume in the late 1980s in which he discussed the decriminalization of cer-
tain non-violent sexual acts between adults and minors. The text was published after
the publisher had made minor changes to the text without consulting the author: the
title was changed from “Reformist Departure and Farewell to a ‘Radical’ Claim - a
Plea for a Realistic Reorientation of Sexual (Criminal) Policy” to “Changing the
Criminal Law? A Plea for a Realistic Reorientation of Sexual Policy”; a subtitle was
slightly changed and one sentence was slightly shortened. The claimant sent a letter
to the publisher complaining that the changes had altered the tenor of the text and
demanded that the publisher indicate these changes when distributing copies of the
book. Over the years, the claimant was confronted with this text on numerous occa-
sions; he repeatedly declared that the meaning of his text had been distorted by the
publisher. Since 1993, the claimant completely distanced himself from his text. The
manuscript was rediscovered in the archives of the Heinrich-Böll-Foundation, an
entity closely related to the German Green Party, and the claimant was confronted
with the text during the campaign leading up to the 2013 German parliamentary
29
In Luksan, the Court used the primacy of EU law and fundamental rights, in particular Article
17.2 EU Charter to prevent an MS from establishing a statutory allocation of exploitation rights to
the producer of a film instead of the principal director; Martin Luksan v Petrus van der Let, paras.
37-72.
30
Cf. CJEU, Tobias Mc Fadden v Sony Music Entertainment Germany GmbH, C 484/14, Judgement
of 15 September 2016, par. 83; Promusicae v Telefónica de España SAU, paras. 68, 70.
31
BGH [2017] I ZR 115/15, Metall auf Metall III; CJEU, Pelham and Others, C 476/17, Application.
32
BGH [2017] I ZR 139/15, Afghanistan Papiere; CJEU, Funke Medien NRW, C 469/17,
Application.
33
BGH [2017] IZR 228/15, Reformistischer Aufbruch; CJEU, Spiegel Online, C 516/17,
Application.
86 B. J. Jütte
elections. The claimant made the manuscript available to several newspapers as

proof that the text had been tampered with for the publication in the edited volume
but objected to the publication of the text on other websites. However, he published
the original draft of the text on his personal website together with the contribution
as it had appeared in the edited book. All pages of the manuscript were marked with
the text, running diagonally over each page “I distance myself from this contribu-
tion, Volker Beck”. The pages of the published versions were marked in the same
way with the words: “This text is not authorized and falsified by the publisher by
free redactions of the title and parts of the text.” The online news portal Spiegel
Online published an article titled “Greens: Volker Beck deceived public over
pedophilia-text”, in which it was argued that the politician had misled the public; his
controversial text had not been changed substantially by the publisher as he had
claimed over several years. A comparison of both texts would show that the mes-
sage of the text had not been changed through the marginal changes. A link made to
the manuscript as well as the published version available in pdf-format. The claim-
ant argued his copyright and moral rights had been infringed.
In Funke Medien, the claimant is the Federal Republic of Germany that compiles
weekly reports over foreign military missions of the German armed forces. The
reports are sent to selected Members of Parliament and other government institu-
tions under the title “Briefing for the Parliament” (UdP). The UdPs are confidential
at the lowest of the four confidentiality levels. Shortened versions are available to
the Public (Briefings for the Public—UdÖ). Respondent operates an online news
portal and requested access to UdPs in 2012 based on the provisions of the German
Freedom of Information Act. The request was rejected as, it was argued, publication
of information contained in the reports could have negative effects on security-
related aspects of the work of the German armed forces. The rejection mentioned
the freely available UdÖs. The defendant gained access to the full reports through
other channels, presumably they had been leaked by a member of the German
Parliament or other state employees. Defendant published scanned copies of the
report as “Afghanistan Papers”. Claimant argued that defendant infringed
copyright.
The Pelham litigation dates back to 2004.34 In the proceedings that had already
reached the BGH twice before, two members of the band Kraftwerk seek remedies
for the inclusion of a two-second sample taken from one of their songs into a com-
position by the German hip-hop producer Moses P. After several bouts in front of
German courts, in all of which the Kraftwerk members prevailed, Moses P lodged a
constitutional complaint in front of the German Constitutional Court (BVerfG). In
its decision of 31 May 2016, the BVerfG ruled that a strict interpretation of the
German copyright law, which effectively makes the use of any part of a sound
recording conditional on the consent of the right holder, would not strike a fair bal-
ance between the property right of the phonogram producer and the right to artistic
34
For an overview of the procedural history of the Metall auf Metall saga see, e.g., Schonhofen
(2016), Leistner (2016), Reilly (2012); see, also Niemann and Mackert (2013).
freedom of the user of the sample. It remanded the case back to the BGH, which, as
suggested by the BVerfG, made a preliminary reference to the CJEU.
Three questions, in particular, feature in the cases in slight variations. First, in all
three cases the BGH seeks clarification whether the exclusive rights of the
Information Society Directive and the limitations and exceptions contained therein
leave the MS a margin of appreciation when implementing the provisions of the
directive into national laws.35 Second, all referrals ask in which way the fundamen-
tal rights of the EU Charter have to be considered in determining the scope of Art.
5.2 and 3 and, in the case of Pelham, also in relation to the scope of Art. 2 lit. c of
the Directive 2001/29/EC.36 Third - although this question appears explicitly only in
the referrals in Funke Medien and Spiegel Online—the BGH inquires whether the
right to freedom of information (Art. 11.1 EU Charter) and the right to freedom of
the press contained in the EU Charter could justify E&L to the exclusive rights of
communication to the public under Art. 3.1 and the right to reproduction under Art.
2.1(a) of the Directive 2001/29/EC.37 The latter question is implicit in the referral in
Pelham, where the BGH asks whether a national rule that limits the rights to repro-
duction and the communication to the public of producers of sound recordings to
the extent that independently created work that uses the sound recording in ‘free
use’ can be exploited without the permission of the right holder of the original
sound recording.38 Because if the CJEU were to find that the German free use excep-
tion does not reflect a certain exception, or a combination of exceptions contained
in Art. 5 of the InfoSoc Directive,39 an alternative route must be found to maintain
this particular limitation to the exclusive right of producers of sound recordings.40
However, what the BGH is asking in essence is not whether fundamental rights
have to be considered when applying the EU copyright rules as implemented into
national law, but how fundamental rights work to balance the interest involved at the
implementation and application stages. The questions can be read in two ways.
First, the questions could suggest that the BGH knows exactly how and when
35
Funke Medien, Question 1; Pelham, Question 5 (also in relation to the exceptions possible under
Article 10.2 of the Directive 2006/115/EC); Spiegel Online, Question 1 (here only with regard to
Article 5.3 Directive 2001/29/EC.
36
Funke Medien, Question 2; Pelham, Question 6 (also in relation to the Article 10.2 of the
Directive 2006/115/EC); Spiegel Online, Question 2 (here, again, only with regard to Article 5.3 of
the Directive 2001/29/EC).
37
Funke Medien, Question 3; Spiegel Online, Question 3.
38
Pelham, Questions 3.
39
See for a discussion on a possible accommodation of sampling under the limitations and excep-
tions of Article 5.2 and 3 of the InfoSoc Directive: Jütte and Maier (2017).
40
It is interesting to note that the Court systematically distinguishes between limitations and excep-
tions. As regards the former, the court considers to be immanent restrictions to the exclusive right.
See Geiger (2004a), p. 815 and Geiger and Schönherr (2014), par. 11.64; see further on the imbal-
ance between limitations and exceptions and the fundamental right to property: Dreier (2010),
p. 51; see further Geiger et al. (2008), p. 415; see also BGH, Metall auf Metall III, Question 3 and
par. 22. Here, the BGH also reiterates that it does not consider §24(1) UrhG as an exception, which
is also reflected in the systematic structure of the German Copyright Law, that lists exceptions that
constitute prima facie infringements in §§ 44a - 63a UrhG.
88 B. J. Jütte
f undamental rights must be considered because there exists a long line of case-law
on this particular subject and, in addition, a rich body of scholarly literature. It is
unlikely that either has been overlooked by the court after its prior judgments had
been rejected by the German Constitutional Court.41 It is also apparent from the
judgments that pose the preliminary questions that the BGH assumes that funda-
mental rights are reflected in the exiting copyright rules and therefore national
courts should interpret these rules in the light of the EU Charter. All that the BGH
wants is conformation and certainty in the application of the German copyright
rules. Second, the questions could be understood in the sense that the BGH is
unhappy with the strict corset of EU copyright law that does not leave room for uses
that fall squarely within the fundamental protection of expression and the arts. It
doubts that the EU copyright rules are appropriate to strike a proper balance and
tries to use the CJEU to break open the rigid framework that, it seems, prevents
certain types of expression rather than enabling them.
Based on the questions referred by the BGH, the CJEU has three options. Option
one is to reinforce the legislative choice and maintain that E&L have been fully
harmonized in relation to the exclusive rights contained in the various European
copyright directives (including the right of reproduction and communication to the
public in relation to works and phonograms). Option two is to make an attempt at a
flexible interpretation of copyright E&L, possibly by mild analogies. The third
option is to state squarely that the existing copyright rules do not take fundamental
right of users sufficiently into consideration and that the copyright acquis needs
reform beyond current and ongoing legislative initiatives.42
These options will be discussed in the following sections.
3.2 Discretion for Implementation
One way to achieve flexibility within the EU copyright acquis would be to grant a
certain margin of discretion for MS in relation to exclusive rights and E&L. On
numerous occasions, the Court has underlined that exclusive rights, as well as E&L,
are autonomous concepts of EU law and are therefore to be interpreted and applied
uniformly in the MS.43 This further means that the CJEU has to interpret these
41
In answering to the constitutional complaint lodged by a music producer, the BVerfG found that
when applying the relevant provisions of the German Copyright Act, the lower courts had failed to
sufficiently consider the right to artistic freedom as protected by Article 5(3) of the German Basic
Law. See, BVerfG [2016] 1 BvR 1585/13.
42
Most prominently, the EU is currently debating a new Directive in the Digital Single Market
(COM (2016) 593 final). This proposal also includes provisions on new E&L and Recital 45 states:
“This Directive respects the fundamental rights and observes the principles recognised in particu-
lar by the Charter of Fundamental Rights of the European Union. Accordingly, this Directive
should be interpreted and applied in accordance with those rights and principles.”
43
See, e.g., CJEU, Eva-Maria Painer v Standard VerlagsGmbH and Others, Case C 145/10,
Judgment of 11 December 2011 and Johan Deckmyn and Vrijheidsfonds VZW v Helena Vandersteen
and Others: see also Xalabarder (2016), p. 638.
notions, and MS do not have any margin of discretion to alter the scope of the exclu-
sive rights or E&L.44
With regard to E&L, MS only have a very limited type of discretion, at least for
those E&L contained in Art. 5.2 and 3 of the InfoSoc Directive. They can choose to
implement any or all of the special cases contained in the exhaustive list. However,
it is not possible for national legislatures to go beyond that list and to introduce
exceptions that are not contained in Article 5. Not only is this expressly stated in
Recital 32, but this is furthermore dictated by the pre-emption doctrine that prohib-
its MS to act in areas of Union competence in which the EU has already acted by
exercising its shared competence.45
This leaves the core elements that could provide flexibility in a copyright context
under the control of the EU legislator and under the interpretative authority of the
CJEU. Consequently, MS do not retain a significant margin of discretion to intro-
duce flexibility beyond the limits set by the EU and to give further effect to other
fundamental rights than permitted by EU legislation.
3.3 Arguing Inside the Rules
The balance between the interest of users and right holders and their respective
fundamental rights is created at two levels. On the higher level, the European legis-
lator, and as its executors the national parliaments, create rules that are designed to
consider these interests. These rules—copyright laws—in themselves constitute a
balance rooted in fundamental rights.46 On the lower level, these rules are applied
and, if necessary, interpreted. In cases of ambiguity, and such ambiguities can be
provoked by new, disruptive technologies, national judiciaries must interpret the
national rules in the light of EU law, primary and secondary, as far as possible. The
CJEU has already addressed problems created by new technologies, or, in general,
unforeseen case constellations. This case law is instrumental in understanding the
options the CJEU might pursue when answering the question put forward by the
BGH.
44
This is not to say that MS have no discretion to legislate outside the harmonized areas, cf. CJEU,
C More Entertainment AB v Linus Sandberg, Case C 279/13, Judgment of 26 March 2015, par. 35.
45
Rosati (2014a), pp. 421–423.
46
This is the position of the BGH, cf. BGH, Metall auf Metall III, this requires national courts to
interpret and apply exclusive rights and limitations and exceptions to the effect that a balance
between the interests reflected in the rules of the EU copyright acquis is respected, paras. 48-49.
Cf. also Promusicae v Telefónica de España SAU, paras. 68-70; UPC Telekabel Wien GmbH v
Constantin Film Verleih GmbH and Wega Filmproducktionsgesellschaft mbH, par. 46.
90 B. J. Jütte
3.3.1 Extending the Scope of E&L
The Court has used effectiveness-based arguments, e.g., in FAPL/Murphy and

Ulmer. In the former case, it argued that to provide right holders with a high level of
protection, the usual standard for interpreting E&L is a strict on. This, according to
the Court, must be supplemented with an interpretation that enables the effective
exercise of any given exception.47 This supplementary means of interpretation at
least creates a balanced appreciation of the interest of all involved actors. In Ulmer,
this approach was demonstrated by adding an ancillary right of reproduction to the
library exception under Art. 5.3(n), which did not have any footing in the text of the
InfoSoc Directive.48 A similar approach was arguably taken in UsedSoft, when the
Court also created an ancillary right to reproduction to enable the resale of computer
software licenses; although the wording of Art. 5.1 of the Directive 2009/2449 left
the Court more room for interpretation.50
Against the background of the CJEU's jurisprudence, the answer to the question
whether MS can implement E&L flexibly seems relatively clear. The exclusive
rights are fully harmonized and the concept of autonomous interpretation should
safeguard that all rights receive the same interpretation and application in every
MS. The same holds true for E&L once they have been implemented. Consequently,
every MS can have a different list of E&L, but once implemented, they receive the
same interpretation throughout the EU.51 This denial of any flexibility and discre-
tion serves to safeguard the smooth an unobstructed functioning of the internal mar-
ket. At the same time, this interpretative approach limits short-term flexibility.
Instead, flexibility must be created by the legislator; either initiated at policy level
or through judicial pressure. The latter option is a lengthy one, as the Pelham case
perfectly demonstrates. From the beginning of the litigation until the case finally
came to the CJEU, thirteen years passed and the Court would add another two. Only
then could the legislative process be initiated.
47
Football Association Premier League Ltd and Others v QC Leisure and Others and Karen
Murphy v. Media Protection Services Ltd, paras. 162-163.
48
Technische Universität Darmstadt v Eugen Ulmer KG, par. 43.
49
Article 5.1 of the Software Directive reads: “In the absence of specific contractual provisions, the
acts referred to in points (a) and (b) of Article 4(1) shall not require authorisation by the right-
holder where they are necessary for the use of the computer program by the lawful acquirer in
accordance with its intended purpose, including for error correction.”
50
UsedSoft GmbH v Oracle International Corp., paras. 73-88; in this case AG Bot followed a
stricter interpretation of Article 5.1, limiting it to cases in which the user of a computer program
was already in possession of a legal copy of the program, Bot; Opinion of AG on UsedSoft GmbH
v Oracle International Corp., Case C 128/11, Opinion of 24 April 2012, paras. 94-100.
51
See, critically on this approach: Guibault (2010), see, e.g., CJEU, Padawan SL v Sociedad
General de Autores y Editores de España (SGAE), Case C 467/08, Judgment of 21 October 2010,
para. 32; Johan Deckmyn and Vrijheidsfonds VZW v Helena Vandersteen and Others, par. 15.
3.3.2 Setting Limits to the Scope of Exclusive Rights
With regard to the exclusive rights, the influence of fundamental rights might be
limited to the application of the rules by European Courts. Especially, the wide
scope of the reproduction rights for full and partial reproductions might be recon-
sidered against the background of the preliminary reference in Pelham. In this case,
a narrower interpretation of the reproduction rights would permit flexibility and
thereby ample room for the exercise of artistic creativity without necessarily alter-
ing the list or even the application of E&L.52 Indeed, this route offers only limited
flexibility and must be considered against the factual background of the particular
reference. It can certainly be argued that two seconds of “Metall auf Metall” are not
comparable to eleven words in Infopaq I53 that reflect a certain degree of originality.
Nevertheless, at some point, the narrowing of the scope of the exclusive rights
would clearly collide with the property side of the fundamental rights spectrum,
namely that of right holders. Furthermore, a narrower interpretation of exclusive
rights fails to provide interpretative solutions when entire works are used, such as in
Funke Medien and Spiegel Online. In the same way that E&L find their limits in the
wording and the object and purpose of a particular exception, the scope of exclusive
rights cannot be construed overly narrow.
3.4 Arguing Outside the Rules
The question whether there is room for exceptions outside of Art. 5 of Directive
2001/29/EC is an explosive one for several reasons. If the Court were to rule that
exceptions outside of the list of E&L, which Recital 32 suggests is exhaustive, exist,
this would also open similar clauses in other directives, such as Art. 10 of Directive
2006/115/EC. Consequently, legal uncertainty would reign, merely limited by the
still little elaborated balance between rights and permitted uses. Admittedly, this
balance could be informed by the list of exceptions provided in the legislation and
the evolving case-law on fundamental rights.54 However, this would bring European
copyright law dangerously close to an open norm à la fair use. By effectively ignor-
ing Recital 32, the Court would also question the validity of recitals as reliable
interpretative aids for the rule of European copyright law (and this could be extended
to other regulatory fields).55
52
See also Bently et al. (2018) under Question 3.
53
Infopaq International A/S v Danske Dagblades Forening, paras. 30-51.
54
Such an inspired list had been suggested by the drafters of the European Copyright Code, see
Article 5 and the general classification of Article 5 of the Wittem Code, which contains a list of
exceptions that promote freedom of expression and information, Wittem Project, see further Jütte
(2017), pp. 333 et seq.
55
There is a good argument to be made that recitals are subject to an expiry date and have little
value in areas that undergo rapid change, such as copyright in a digital environment. Still, the task
to decide on the scope of certain provisions is a task best left to the legislator.
92 B. J. Jütte
However, in the absence of relevant reform proposals, this route might be neces-
sary if the Court were to follow the German Constitutional Court’s appreciation of
the balance between the right to property and the right to artistic freedom in relation
to music sampling. It is hard to imagine that the CJEU would find, albeit merely
implicitly, that the outcome suggested by the BVerfG is categorically incompatible
with the imperative rules of the EU copyright acquis. Refusing to accept external
limitations to exclusive rights would cement the highly criticized property-centered
interpretation of the copyright rules in the past. It would indeed be difficult to find
more wiggle room inside the current copyright rules. Even an admission that the
rules as they currently stand do not reflect a proper balance and would require modi-
fications is a dangerous path to tread. This would have the consequence that, at least,
the respective provisions on limitations of exceptions in the relevant directives have
to be reviewed and complemented with such limitations and exceptions that con-
sider genuine fundamental rights concerns that outweigh the right to property. Now
this as a Sisyphean task that would require repetition on a regular basis.56
3.4.1 The Scope of Exclusive Rights
The BVerfG has suggested that the exclusive right of producers of sound recordings
could be limited not to cover very short excerpts, an opinion that the BGH does not
seem to follow.57 The latter would retain the possibility not to protect small excerpts
for works protected by copyright, but even here the jurisprudence of the CJEU
would restrict a more flexible interpretation through its ruling in Infopaq I.58
Pursuant to Infopaq I, even the reproduction of small parts of copyright protected
subject matter constitutes infringement if the parts reproduced display originality in
themselves. A limitation of the scope of exclusive rights would further only carry a
certain distance and fail at that point where clearly substantive expressive segments,
and therefore original parts of a work, are reproduced or otherwise used within the
scope of exclusive rights. Already in the Funke Medien and the Spiegel Online
cases, the quantity taken would certainly be sufficient to constitute a prima facie
infringement. Larger parts of a work that satisfy the originality requirement would
require additional justification if used without the right holder’s authorization. This
route is, therefore, only of limited utility to safeguard that fundamental rights are
properly respected in the balance between the interests of right holders and users of
protected works and subject matter. It is further inconceivable, and moreover sys-
tematically unsound, were the scope of exclusive rights to shift depending on a
particular use. Such legal uncertainty would also not square well with the funda-
mental right to property, which also requires some sort of reliable determination.
Systematically, but also from a purely reasonable point of view, it makes little sense
56
Jütte (2017), p. 270.
57
BGH, Metall auf Metall III, par. 19.
58
Infopaq International A/S v Danske Dagblades Forening.
to attempt a rebalancing by adjusting the scope of protection of exclusive rights,

except for such cases in which the use is limited to very small parts of a given work.
3.4.2 Permitting Expression and Information: And (Too?) Much More
The inflexibility of the scope of exclusive rights leaves E&L as potential enablers
for the exercise of fundamental rights. This suggests that there will be instances in
which the right to freedom of expression, including the right to receive information,
but, possibly, also other fundamental rights, deserve to receive precedence of the
interest of right holders. In fact, such instances already exist in Art. 5 and reference
to their roots in fundamental rights can already be found in the InfoSoc Directive.59
The set of E&L of Art. 5, but also exceptions in other instruments of the EU
copyright rules, do not seem to leave much room for permitted uses outside of this
legal framework. The ‘free use’ defense raised in Pelham is certainly not included
in any of the instruments. It can, however, be argued that a limited open norm such
as the free use exception in German copyright law is not per se in violation of EU
copyright law as long as its application moves within the list of limitations and
exceptions provided for in Art. 5 of the InfoSoc Directive.60 The application of such
a norm would only constitute a violation if it were to extend to cases that are clearly
outside the list of Art. 5. A norm that resembles free use and, arguably free use itself,
could be pre-empted by EU law in all instances that are not covered by Art. 5.3(o)
of the InfoSoc Directive. Under the doctrine of pre-emption, which is closely linked
to the notion of supremacy of EU law, MS are barred from legislating in areas in
which the European legislator has acted.61 In relation to the exclusive rights and
their related exceptions and limitation MS are consequently pre-empted from intro-
ducing exceptions that are not contained in Art. 5 of the InfoSoc Directive. A strict
application of the pre-emption doctrine would not permit uses that are not covered
by express E&Ls within the scope of application of the EU copyright rules. As these
rules cover most of the important economic rights, it seems that there is not much
room for other permitted uses than those expressly referred to in the acquis.
This, again, raises the problem of a systematic advantage of right holders, whose
interests enjoy a temporal advantage in the light of ever advancing technological
change. An open norm such as the German ‘free use’ provision, if understood
indeed as an exception and not as a limitation to the scope of exclusive rights, would
be best suited to accommodate the exercise of fundamental rights in an ever chang-
ing technological environment. The limits set by an interpretation that considers the
pre-emption doctrine, which is also strongly supported by Recital 32 of the InfoSoc
59
Recital 3 InfoSoc Directive.
60
See Jütte and Maier (2017), pp. 790–791.
61
See, for the functioning of the preemption doctrine in EU copyright law, Rosati (2014a). Between
the three option Rosati lists—field pre-emption, rule pre-emption, and obstacle pre-emption—the
copyright rules fall within the domain of rule pre-emption as copyright falls within an area of
shared competence.
94 B. J. Jütte
Directive, does however mandate that an open norm is interpreted within the strict
substantive limits of Art. 5 of the InfoSoc Directive and, in relation to other (related)
subject matter, by the exceptions contained in other instruments of the copyright
acquis. Although these provisions, e.g., Art. 5 of the Software Directive, do not state
explicitly that the limitations contained therein are exhaustive, under the theory of
‘field’ pre-emption62 this would be the logical consequence. This would indeed
make sense, considering the general goal of harmonization which is to create simi-
lar rules across the single market. Were the MS permitted to introduce further
exceptions or limitations, this goal would equally be jeopardized. If already differ-
ent interpretations or implementations were to risk the smooth functioning of the
single market, incongruent sets of exceptions would exacerbate the problem.63
Against the background of these considerations, even an open norm would be lim-
ited by the EU copyright acquis and its substantive rules on limitations and
exceptions.
Another solution to this conundrum could be found in an analogy to the legal
mechanism behind the exhaustion doctrine. In Warner Brothers, the CJEU famously
stated that to enable the free movement of goods, right holders could be prevented
from exercising their intellectual property rights.64 While leaving the right, in prin-
ciple, intact, a right holder could also be prevented from exercising her rights in
protected works or other subject matter if such an exercise would infringe upon the
exercise of third-party fundamental rights. In this way the list of exceptions could
continue to constitute a balance, which in itself is a highly questionable assumption,
while leaving room for fundamentally important uses. In order not to further ques-
tion the role of E&L as legitimate balancing elements, a prohibition to exercise
exclusive rights should be limited to a very small number of cases, namely such
cases that are mandated by general principles, including the fundamental rights of
the EU Charter. The scope of such a mechanism should be strictly limited, and a
limitation of the exercise of exclusive rights cannot have the effect of eroding the
specific subject-matter of copyright.65 Besides economic rights that safeguard the
62
Rosati (2014a), p. 421.
63
There is a strong argument to be made that an open-norm and the pre-emption doctrine could
work smoothly together, which would also do away with the negative side effects of different
national implementations of the pick-and-choose list of Article 5 of the InfoSoc Directive. The
assumption that Article 5 as a whole constitutes a proper balance is put into question by varying
lists of exceptions at national level. An open norm, interpreted in the light of Article 5, can then
recreate the balance destroyed by insufficient national implementations. However, the problem of
permitted uses outside of Article 5 still remains.
64
In CJEU, Warner Brothers Inc and Metronome Video ApS v Erik Viuff Christiansen, Case C
158/86, Judgment of 17 May 1988, the Court ruled that the exhaustion of the distribution right
could not have the effect that exclusive rights would be rendered meaningless by its application;
see, also CJEU, Musik-Vertrieb membran GmbH and K-tel International v GEMA - Gesellschaft
für musikalische Aufführungs- und mechanische Vervielfältigungsrechte, Joined cases 55/80 and
57/80, Judgment of 20 January 1981.
65
Football Association Premier League Ltd and Others v QC Leisure and Others and Karen
Murphy v Media Protection Services Ltd, par. 106.
exploitation of protected works and subject-matter,66 copyright, albeit not expressly

harmonized at EU level,67 also covers moral rights.68
In analogy to the exhaustion doctrine, the use of protected works could not be
justified if they had not been published with the consent of the right holder before
the use in question.69 Consequently, the use in Funke Medien would not be permit-
ted but the use in Spiegel Online would have been. An exhaustion-like mechanism
would supersede the application of copyright rules in certain instances that would
be in the public interest (including fundamental rights).
4 Conclusion
The preliminary questions posed by the BGH are a testament to the growing uncer-
tainty the strict corset of EU copyright law provides. The surprising perplexity with
which the BGH seeks clarification on a question that seemed to have been answered
already numerous times, namely how fundamental rights must be considered when
applying the EU copyright rules (or any other rule of EU law for that purpose),
demonstrates that the current set of rules is far from helpful when trying to strike a
proper balance between exclusive rights and interests of non-right holders. The
alternative is that the BGH pursues a political agenda. By asking a question of fun-
damental importance, the answer of which seems already been given by secondary
legislation, it provokes the CJEU to re-think EU copyright law in lieu of the EU
legislator. This could have wide-ranging consequences, up to a declaration of
incompatibility of Art. of the 5 InfoSoc Directive with the provisions of the EU
Charter.
It does indeed seem inconsistent that certain uses of works should be prohibited,
although they serve the higher good of a democratic discourse, particularly on the
Internet. Yet, copyright does not permit these uses and the exclusive rights stand in
the way of non-infringing uses of unpublished military reports and published
66
“[T]he specific subject-matter of the intellectual property is intended in particular to ensure for
the right holders concerned protection of the right to exploit commercially the marketing or the
making available of the protected subject-matter, by the grant of licences in return for payment of
remuneration (…)”,Football Association Premier League Ltd and Others v QC Leisure and Others
and Karen Murphy v Media Protection Services Ltd, par. 107.
67
Rosati (2014a).
68
“The specific subject-matter of those rights, as governed by national legislation, is to ensure the
protection of the moral and economic rights of their holders. The protection of moral rights enables
authors and performers, in particular, to object to any distortion, mutilation or other modification
of a work which would be prejudicial to their honour or reputation. Copyright and related rights
are also economic in nature, in that they confer the right to exploit commercially the marketing of
the protected work, particularly in the form of licences granted in return for payment of royalties
(…).”, CJEU, Phil Collins v Imtrat Handelsgesellschaft mbH and Patricia Im- und Export, Joined
cases C 92/92 and 326/92, Judgment of 20 October 1993, par. 20.
69
CJEU, Deutsche Grammophon Gesellschaft mbH v Metro-SB-Großmärkte GmbH & Co. KG,
Case C 78/70, Judgment of 8 June 1971, par. 13.
96 B. J. Jütte
anuscripts that reveal the questionable position on a sensitive issue of a member

m
of the German parliament; and the artistic expression of sampling artists. Should
these noble purposes fall victim to an extensive application of exclusive rights? This
would amount to nothing else than at least a mild form of open censorship. It is clear
that with the answers to the three preliminary references the struggle between fun-
damental rights and exclusive rights will not be over. One way or the other, the
Court either has to permit more interpretative flexibility within the set of existing
rules or suggest legislative additions to the list of limitations and exceptions through-
out the entire copyright acquis. In formulating a solution, the Court will have to be
careful not to undermine the reliability of existing copyright law by providing an
easily accessible leapfrog procedure with fundamental rights as its springboard. It
will have to limit the suspension of copyright law or the further limitation of exclu-
sive rights to certain special cases and, which will be even more difficult, find a
reliable formulation that avoids even greater uncertainty as that reflected in the
questions posed by the BGH. However, a continuing dominance of economically
justified exclusive rights over the exercise of fundamental rights should not be toler-
ated. Such an appreciation of the importance of expressive uses of protected works
should, ideally, be reflected in the copyright rules themselves, rather than provided
by a judge-made escape route.
References
Bently L, Geiger C, Griffiths J, Metzger A, Peukert A, Senftleben M et al (2018) Opinion of the
European Copyright Society in relation to the pending reference before the CJEU in Case
C-476/17, Hutter v Pelham. Available via European Copyright Society. https://europeancopy-
rightsocietydotorg.files.wordpress.com/2018/03/opinion-metall-auf-metall-fin4.pdf
BGH [2017] I ZR 115/15, Metall auf Metall III; CJEU, Pelham and Others, C 476/17, Application
BGH [2017] I ZR 139/15, Afghanistan Papiere; CJEU, Funke Medien NRW, C 469/17, Application
BGH [2017] IZR 228/15, Reformistischer Aufbruch; CJEU, Spiegel Online, C 516/17, Application
CJEU, BestWater International GmbH v Michael Mebes and Stefan Potsch, Case C 348/13, Order
of 21 October 2014
CJEU, Åklagaren v Hans Åkerberg Fransson, Case C 617/10, Judgment of 26 February 2013
CJEU, Belgische Vereniging van Auteurs, Componisten en Uitgevers CVBA (SABAM) v Netlog NV,
Case C 360/10, Judgment of 16 June 2012
CJEU, Deutsche Grammophon Gesellschaft mbH v Metro-SB-Großmärkte GmbH & Co. KG, Case
C 78/70, Judgment of 8 June 1971
CJEU, Eva-Maria Painer v Standard VerlagsGmbH and Others, Case C 145/10, Judgment of 11
December 2011
CJEU, GS Media BV v Sanoma Media Netherlands BV and Others, Case C 160/15, Judgment of
08 September 2016
CJEU, Infopaq International A/S v Danske Dagblades Forening, Case C 5/08, Judgment of 19
July 2009
CJEU, Johan Deckmyn and Vrijheidsfonds VZW v Helena Vandersteen and Others, Case C 201/13,
Judgment of 03 September 2014
CJEU, Martin Luksan v Petrus van der Let, Case C 277/10, Judgment of 9 September 2012
CJEU, Nils Svensson and Others v Retriever Sverige AB, C466/12, Judgment of 13 February 2014
CJEU, Padawan SL v Sociedad General de Autores y Editores de España (SGAE), Case C 467/08,
Judgment of 21 October 2010
CJEU, Productores de Música de España (Promusicae) v Telefónica de España SAU, Case 275/06,
Judgment of 29 January 2008
CJEU, Stichting Brein v Jack Frederik Wullems, Case C 527/15, Judgment of 26 April 2017
CJEU, Stichting Brein v Ziggo BV and XS4All Internet BV, Case C 610/15, Judgment of 14 June
2017
CJEU, Technische Universität Darmstadt v Eugen Ulmer KG, Case C 117/13, Judgment of 11
September 2014
CJEU, Tobias Mc Fadden v Sony Music Entertainment Germany GmbH, C 484/14, Judgement of
15 September 2016
CJEU, UsedSoft GmbH v Oracle International Corp., Case C 128/11, Judgment of 03 July 2012
Dreier T (2010) Limitations: the centerpiece of copyright in distress. J Intellect Prop Inf Technol
Electron Commer Law 1:50
Ducoulombier P (2015) Interaction between human rights: are all human rights equal? In: Geiger C
(ed) Research handbook on human rights and intellectual property. Edward Elgar, Cheltenham,
pp 39–51
Geiger C (2004a) Der urheberrechtliche Interessenausgleich in der Informationsgesellschaft - Zur
Rechtsnatur der Beschränkungen des Urheberrechts. GRUR Int 53:815
Geiger C (2004b) Fundamental rights, a safeguard for the coherence of intellectual property law?
IIC 35:268
Geiger C (2006) “Constitutionalising” intellectual property law? The influence of fundamental
rights on intellectual property in the European Union. IIC 37:371
Geiger C (2009) Intellectual property shall be protected!? Article 17(2) of the Charter of
Fundamental Rights of the European Union: a mysterious provision with an unclear scope. Eur
Intellect Prop Rev 31:113
Geiger C, Izyumenko E (2014) Copyright on the human rights’ trial: redefining the boundaries of
exclusivity through freedom of expression. IIC 42:316
Geiger C, Schönherr F (2014) The information society directive (Articles 5 and 6(4)). In:
Stamatoudi I, Torremans P (eds) EU copyright law: a commentary. Edward Elgar, Cheltenham,
pp 395–536
Geiger C, Macrez F, Bouvel A, Carre S, Hassler T, Schmidt-Szalewski J (2008) What limitations to
copyright in the information society? A comment on the European Commission’s Green Paper
“Copyright in the Knowledge Economy”. IIC 40:412
Griffiths J, McDonagh L (2013) Fundamental rights and European IP law: the case of Art 17(2) of
the EU Charter. In: Geiger C (ed) Constructing European intellectual property: achievements
and new perspectives. Edward Elgar, Cheltenham, pp 75–93
Guibault LMCR (2010) Why Cherry-Picking never leads to harmonisation: the case of the limita-
tions on copyright under Directive 2001/29/EC. J Intellect Prop Inf Technol E-Commer Law
1:55
Hugenholtz BP (1997) Fierce creatures. Copyright Exemptions: Towards Extinction? Paper pre-
sented at the IFLA/IMPRIMATUR Conference Rights, Limitations and Exceptions: Striking a
Proper Balance, Amsterdam, 20-31 October
Hugenholtz PB, Senftleben M (2011) Fair use in Europe: in search of flexibilities, ivir. https://
www.ie-forum.nl/backoffice/uploads/file/IE-ForumP_B_HugenholtzenM_R_F_Senftleben,
Fair use in Europe_ In search of flexibilities, IEF 10485, IViR 14 november 2011_.pdf
Husovec M (2016) Intellectual property rights and integration by conflict: the past, present and
future. Cambridge Yearb Eur Legal Stud 18:239
98 B. J. Jütte
Izyumenko E (2016) The freedom of expression contours of copyright in the digital era: a European
perspective. J World Intellect Prop 19:115
Jütte BJ (2016) The beginning of a (happy?) relationship: copyright and freedom of expression in
Europe. Eur Intellect Prop Rev 38:11
Jütte BJ (2017) Reconstructing European copyright law for the digital single market: between old
paradigms and digital challenges, vol 10. Nomos, Baden-Baden
Jütte BJ, Maier H (2017) A human right to sample – will the CJEU dance to the BGH-beat. J
Intellect Prop Law Pract 12:784
Kur A (2008) Of Oceans, Islands, and Inland Water – How Much Room for Exceptions and
Limitations under the Three Step-Test? No 08-04:48, https://papers.ssrn.com/sol3/papers.
cfm?abstract_id=1317707
Leistner M (2016) Die “Metall auf Metall” - Entscheidung des BVerfG. Oder: Warum das
Urheberrecht in Karlsruhe in guten Händen ist. GRUR 118:772
Niemann F, Mackert LN (2013) Limits of sampling sound recordings: the German Federal
Supreme Court of Justice’s Metall auf Metall I & II holdings in light of the US jurisprudence
on digital sampling. Eur Intellect Prop Rev 35:356
Peukert A (2015) The fundamental right to (intellectual) property and the discretion of the legisla-
ture. In: Geiger C (ed) Research handbook on human rights and intellectual property. Edward
Elgar, Cheltenham, pp 132–148
Ramalho A (2014) Conceptualising the European Union’s competence in copyright – what can the
EU do? IIC 45:178
Reilly T (2012) Good fences make good neighboring rights: the German Federal Supreme Court
Rules on the digital sampling of sound recordings in Metall auf Metall. Minn J Law Sci
Technol 13:153
Rosati E (2014a) Copyright in the EU: in search of (in) flexibilities. GRUR Int 63:419
Rosati E (2014b) Has the CJEU in Deckmyn de facto harmonised moral rights? Available via The
IPKat. http://ipkitten.blogspot.com/2014/09/has-cjeu-in-deckmyn-de-facto-harmonised.html
Schonhofen S (2016) Sechs Urteile über zwei Sekunden, und kein Ende in Sicht: Die “Sampling”
-Entscheidung des BVerfG. GRUR-Prax 8:277
Wittem Project. European Copyright Code.. Available via Wittem Project. http://www.copyright-
code.eu
Xalabarder R (2016) The role of the CJEU in harmonizing EU copyright law. IIC 47:635
Chapter 5
Copyright and the Press Publishers Right
on the Internet: Evolutions
and Perspectives
Maria-Daphne Papadopoulou and Evanthia-Maria Moustaka
Abstract Article 11 (due to the legal cleaning of the text of the Digital Single
Market Directive 2019/790/EU, article numbers have changed; consequently,
Article 11 of the Proposal is now Article 15, while the similarly contentious provi-
sion under Article 13 on the use of protected content by information society service
providers has been renumbered as Article 17) of the Proposal for a Directive on
copyright in the Digital Single Market constitutes one of the most debated provisions
of the legislative corpus that demonstrates the ambitious transition of the European
acquis to the digital era. The introduction of an exclusive related right to press pub-
lishers for the digital uses of their content formed a casus belli within this long-term
and rather adventurous legislative initiative. Eventually, a compromise was reached
after two and a half years that the debate was launched and the tough negotiations
that intervened; on February 13, 2019, the relevant trilogue negotiations were suc-
cessfully concluded, reaching an agreement on a compromise text for the Copyright
Directive, including the new press publishers right (Rosati 2019. http://ipkitten.
blogspot.com/2019/02/breaking-agreement-on-dsm-directive.html). This chapter
explores all the key issues of the new right on press publications, demonstrating the
objectives sought through its establishment, while providing an analysis of the legal
and economic background from both sides of this persisting controversy. At first,
the relevant initiatives undertaken at national level, and foremost, the examples of
Germany and Spain are analyzed to demonstrate the inspiration for the introduction
of a harmonized right for press publishers. Thereafter, the main arguments against
this legislative step are investigated, demonstrating the substantive pillars and the
reactions that the European Commission experienced in this field. It should be noted
that this opposition had also crept into the European institutions themselves since
the European Parliament had first rejected the Committee Draft of the Proposal in
what has been described as a “surprising turn of events” (Rauer et al., European
Parliament votes to reject controversial Copyright Directive proposal, 2018a).
Lastly, the final text of the proposed Article 11 (renumbered Article 15) as adopted
by the European Parliament is presented, further including the rationale behind and
M.-D. Papadopoulou · E.-M. Moustaka (*)

Legal Department, Hellenic Copyright Organization, Athens, Greece
e-mail: papadopoulou@nllaw.gr; moustaka@nllaw.gr

https://doi.org/10.1007/978-3-030-25579-4_5
100 M.-D. Papadopoulou and E.-M. Moustaka
the objectives pursued under its establishment. On the eve of a radical overhaul of
the EU copyright system, it is important that we realize the substance of this new
right and the “tangible benefits” (European Commission, Digital Single Market: EU
negotiators reach a breakthrough to modernise copyright rules (Press Release).
http://europa.eu/rapid/press-release_IP-19-528_en.htm) aiming at yielding to
European press publishers and journalists for the massive online re-use of their
content. After all, it consists one of the cornerstones of this crucial reform that has
been described as making the future of Europe possible…
1 Introduction
Aiming at maximizing the competitiveness and growth potential of the European

digital economy into the global context, the introduction, in 2015, of the ‘Digital
Single Market Strategy’1 was centralized on the enhancement of cross-border online
activities through a number of key interdependent actions that primarily concerned
the legislative adaptations required. Accordingly, the objectives laid down within
this context were referring to the expansion of access to digital goods and services
throughout the Union, including copyright protected content services. Recognizing
that the creation, production, distribution, and exploitation of works and other
subject-matter of protection have been drastically and continuously changing
because of the rapid evolution of digital technologies, the establishment of a secure
and reliable regulatory framework2 called for a fundamental review of the EU copy-
right acquis. This copyright reform would further serve the identification of the role
and impact of the new actors and business models occurring in the digital reality,
along with the facilitation of the new uses emerging in the realms of research, edu-
cation, and cultural heritage. For this purpose, the adaptation of the EU legal frame-
work of copyright exceptions to the digital and cross-border environment was
designated as one of the key objectives sought in this process.3
1
A Digital Single Market Strategy for Europe—COM (2015) 192 final.
2
Including a tailor-made regulatory environment for online platforms and internet intermediary
service providers that would additionally serve the purpose of combating illegal material on the
internet. Communication from the Commission to the European Parliament, the Council, the
European Economic and Social Committee and the Committee of the Regions, A digital single
market strategy for Europe, COM (2015) 192 final.
3
Recalling the limited level of harmonization previously achieved at EU level in the field of excep-
tions and limitations, mostly because of their national character and optional implementation,
while addressing their contributive role towards the achievement of public policy objectives, the
European Commission repeatedly stated its aim of ensuring the legal certainty in the area. In this
regard, the objectives pursued under this copyright reform concerned, inter alia, the legality of
certain types of uses in the realm of scientific research, as actualized through the introduction of
the text and data mining exception, education activities, as well as the preservation of cultural
heritage.
5 Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives 101
However, the modernization of the EU copyright rules to make them fit for the
digital age4 would inevitably face the long-term debate over property and access in
a number of copyright issues, further entailing the conflicts arising between the
rights and interests of users and rightholders in the respective realm.5 In this regard,
the European Commission highlighted, in its Impact Assessment,6 the existing dis-
parity between producers and users of copyright protected content that was further
considered as placing press plurality and press diversity in jeopardy.7 Consequently,
a fair balance was sought between, on the one hand, information service providers
and in particular, online platforms, and on the other hand, news publishers. The sug-
gested reform would take the shape of one of the most controversial provisions of
the Proposal for a Directive on Copyright in the Digital Single Market8 (hereinafter:
‘Proposal’); that of Article 11 (now Article 15) which confers upon press publishers
a new right that aims at facilitating them in negotiating the re-use of their content on
online platforms, while enabling journalists to “receive a greater share of the reve-
nues generated by the online uses of press publications”.9 Since its inception, this
new right for press publishers formed a casus belli10 that persisted throughout this
long-term and rather adventurous legislative initiative. Two and a half years after the
debate was launched, an agreement was eventually reached on the compromise
amendments of the Proposal. Following the successful conclusion of the relevant
trilogue negotiations on February 13, 2019,11 the draft piece of legislation was
approved by the European Parliament’s Committee on Legal Affairs (JURI). The
last hurdle before the adoption of the intended copyright reform was cleared on
March 26, 2019. It was the day that the European Parliament voted in favor of the
new harmonized copyright regime under which the modernized rules fit for the digi-
tal age were eventually adopted; there were 348 votes in favor, 274 against, and 36
4
Communication from the Commission to the European Parliament, the Council, the European
Economic and Social Committee and the Committee of the Regions, Towards a modern, more
European copyright framework, COM (2015) 626 final.
5
http://www.europarl.europa.eu/news/en/press-room/20150615IPR66497/eu-copyright-
reform-must-balance-rightholders-and-users-interests-say-meps.
6
Commission Staff Working Document. Impact Assessment on the modernisation of EU copyright
rules. The related documents, as well as the executive summary, are available at: https://ec.europa.
eu/digital-single-market/en/news/impact-assessment-modernisation-eu-copyright-rules.
7
Ibid.
8
Proposal for a Directive of the European Parliament and of the Council on Copyright in the
Digital Single Market, COM (2016) 593 final.
9
Supra n. 4.
10
As well as former Article 13 (now Article 17), concerning the use of copyright protected content
by online content service providers. The compromise text that was respectively achieved provides
that the provision of access to copyright protected content uploaded by the users of online content
sharing service providers to the public shall be qualified as a restricted act of communication or
making available to the public, generating, as such, the obligation to obtain a prior authorization
by the rightholders concerned. In addition, the liability of such service providers is established in
accordance with the prerequisites set out therein.
11
Rosati (2019). http://ipkitten.blogspot.com/2019/02/breaking-agreement-on-dsm-directive.html.
abstentions.12 The European Commission described this vote as ensuring “the right
balance between the interests of all players”, these being users, creators, authors,
and press, “while putting in place proportionate obligations on online platforms”.13
In the light of the strongly debated press publishers’ right, the Commission had
recently outlined the enhancement of the “position of creators in their negotiations
with big platforms which largely benefit from their content”, since writers and jour-
nalists will, among other rightholders, “find it easier to negotiate better deals with
their publishers”.14 Following the publication of this groundbreaking reform on the
Official Journal of the EU (L 130/92, 17.05.2019), and provided that Member States
will subsequently have 24 months to implement the new rules into their national
copyright legislation, a step back needs to be taken to reconstruct the whole picture.
This chapter explores all the key issues of the new right on press publications, dem-
onstrating the objectives sought through its establishment, while analyzing the legal
and economic background from both sides of this persisting controversy. At first,
the relevant initiatives undertaken at national level, and foremost, the examples of
Germany and Spain are analyzed to signify the inspiration for the invention of a
harmonized right for press publishers. Thereafter, the main arguments against this
legislative step are investigated, demonstrating the substantive pillars and the reac-
tions that the European Commission experienced in this field. It should be noted
that this opposition had also crept into the European institutions themselves since
the European Parliament had first rejected the Committee Draft of the Directive in
what has been described as a “surprising turn of events”.15 Lastly, the final text of
Article 11 (renumbered Article 15) as adopted by the European Parliament is pre-
sented, further including the rationale behind and the objectives pursued under its
establishment. On the eve of a radical overhaul of the EU copyright system, it is
important that we realize the substance of this new right and the “tangible benefits”16
aiming at yielding to European press publishers and journalists for the massive
online re-use of their content. After all, it consists one of the cornerstones of this
crucial reform that has been described as making the future of Europe possible…
12
http://www.europarl.europa.eu/news/en/press-room/20190321IPR32110/european-
parliament-approves-new-copyright-rules-for-the-internet.
13
European Commission—Statement of 26 March 2019. Copyright reform: the Commission wel-
comes European Parliament’s vote in favour of modernised rules fit for digital age. http://europa.
eu/rapid/press-release_STATEMENT-19-1839_en.htm.
14
Ibid.
15
Rauer et al. (2018a).
16
European Commission, Digital Single Market: EU negotiators reach a breakthrough to moder-
nise copyright rules (Press Release). http://europa.eu/rapid/press-release_IP-19-528_en.htm.
2 T
he Rationale Behind the New Publishers’ Right
and Its Key Features
2.1 The Legal and Economic Background
Setting the framework within which this provision was introduced, the Impact
Assessment issued by the European Commission stressed out the need to achieve a
well-functioning online marketplace for copyright by facilitating licensing and
combating online infringements. Press publishers, whose bargaining position vis-à-
vis online platforms was regarded as weak,17 should be equally protected to other
rightholders based on their role and contribution to the copyright value chain. The
Explanatory Memorandum of the Proposal provided in this regard that press pub-
lishers “are facing difficulties in licensing their publications online and obtaining a
fair share of the value they generate”.18 Thus, they should be granted with the power
to achieve the recoupment of their investments and the enforcement of their rights
in the digital ecosystem. Moreover, Recitals 31 and 32 of the Proposal had under-
lined the organizational and financial investment of publishers in the production of
press publications and the need to be recognized by safeguarding the sustainability
of the whole publishing industry. Providing that a “free and pluralist press is essen-
tial to ensure quality journalism and citizens’ access to information”,19 while funda-
mentally contributing to “public debate and the proper functioning of a democratic
society”,20 the introduction of a real exclusive right for press publishers was regarded
as essential in the reformed European legal order. As respectively stated, since press
publishers should be treated equally as other related rightholders, their eligibility to
enter into contracts and bring infringement actions, namely the enforcement of their
rights, is inexorably intertwined and depending upon the legal monopoly deriving
therefrom.21
Focusing on the tangible aspects of the new press publishers’ right, the need to
strengthen their position in the digital environment by enabling them to be remuner-
ated for the online use and commercial exploitation of their content, emerged from
the development of the news aggregation model and the economic and financial
framework resulting therefrom. Rooted on the advertisement-based model,22 news
17
A perception deriving from the absence of a regulatory system under which the conclusion of
agreements concerning the remuneration due for the use, storing, and provision of access to user-
uploaded content would be obligatory.
18
Explanatory Memorandum of the Proposal, para. 1.
19
Recital 31 of the Proposal.
20
Ibid.
21
Legal Affairs. Legal analysis with focus on Article 11 of the proposed Directive on Copyright in
the Digital Market. http://www.europarl.europa.eu/RegData/etudes/BRIE/2017/596834/
IPOL_BRI(2017)596834_EN.pdf.
22
As the most basic business model in the internet under which attractive content (such as a movie,
a photo, music, or text) is (usually) provided for free for the attained consumers’ attention to be
actually sold to advertising companies. Hoppner et al. (2017).
aggregators services, such as Google News, gather and display on their websites
content from various press publications with a view to attracting new users. Although
press publications23 become freely available to the public, the new audience attracted
is consequently sold to advertisers, while publishers, as well as authors of such
works, are deprived of the revenues they deserve for the value that their content
generates online. Considering the organized structure in which news is presented in
such platforms, as well as the multitude of information and the rapidity of transmis-
sion, the finding that nearly half of users (47%) do not click any further, thus merely
reading through headlines and extracts, comes as no surprise. Speaking of (and
with) numbers, as respectively demonstrated in the Impact Assessment, the print
circulation of newspapers, based on the data provided by the press publishing sector
in eight Member States,24 declined from 8% (in Belgium) to even 52% (in Italy)
from 2010 to 2014. On the contrary, the growth of the digital audience of 39 pub-
lishers across these eight European markets was estimated as reaching, in 2015, 500
million users/browser accesses, while the same number three years ago was less
than half. In 2016, digital access to news content was almost doubled. Consequently,
consumers’ habits in respect of the main sources of information were also investi-
gated. It was found that 42% of news consumers were reading news online, while
66% of the visits to newspapers websites came from referral traffic through social
media, news aggregators, and search engines; however, within the same time, news-
papers lost a net revenue of 13%.25
2.2 N
ational Level Measures: The Examples
of Germany and Spain
The ‘right to published editions’, in its initial conceptualization, can be traced back
in 1968 as introduced into the Australian copyright act.26 Focusing on the inspira-
tion for this copyright reform, the examples of Germany and Spain shall be indi-
vidually exposed. Both national copyright systems had integrated a new, special
right to press publishers in ensuring the sustainability of the publishing sector
against new forms of exploitation promoted by aggregators and online operators.
However, the approaches adopted were significantly differentiated, further includ-
ing the subsequent evolution or even substance of the respective regimes.
23
Principally referring to excerpts from newspapers articles.
24
These being Belgium, Finland, France, Germany, Italy, Poland, Spain, and United Kingdom. See
more at Annex 13A included in the Commission Staff Working Document—Impact Assessment on
the modernisation of EU copyright rules—Part 3, p. 175.
25
Ibid.
26
Matulionyte (2018).
2.2.1 Germany: An Adventurous Legal Story and its End
Following four years of debate, an amendment to the German Copyright Act27 was
eventually adopted and entered into force in 2013, under which producers of press
products were granted an exclusive right to make press content or parts of it avail-
able to the public for commercial purposes (the ‘Leistungsschutzrecht für
Presseverleger’). The use of individual words or small text excerpts (snippets28) was
explicitly excluded from the scope of application of this ancillary right conferred
upon publishers of newspapers and magazines.29 Furthermore, the transferability of
this right was also provided, while its term of protection was designated as expiring
one year following the publication of the press product. The limitations applicable
to copyright in relation to lawfully permitted uses (such as citation) were expressly
provided as applying mutatis mutandis to the press publishers’ right, while its exer-
cise was further limited by the rights of the author or a related rightholder whose
work or protected subject-matter was incorporated in the press product. According
to the wording of the provision established under para. 4 of Section 87g of the
German Copyright Act, the act of making available to the public press product, or
parts thereof, shall be permissible “unless this is done by commercial operators of
search engines or commercial operators of services which edit the content”. In this
case, providers of such services had to obtain a prior authorization from press pub-
lishers as explicitly aligned with the payment of a reasonable compensation that
would be subject to negotiation between the parties concerned.30 Moreover, Section
87h of the German Copyright Act provided for the right of the authors to participate
in this remuneration scheme, thus being entitled to an equitable share of the reve-
nues accrued for the commercial exploitation of press products in the digital envi-
ronment. Those authors were further identified as entailing “text and photo
journalists, as well as freelancer editors”.31
In this regard, the identification of the “commercial” term was rather crucial to
demarcate the scope of application of this right. Based on the wording of this provi-
sion, commercial providers of search engines or of other similar services such as
news aggregation, were exclusively concerned. According to the German federal
27
Copyright Act of 9 September 1965 (Federal Law Gazette I, p. 1273), as last amended by Article
1 of the Act of 1 September 2017 (Federal Law Gazette I p. 3346) (Urheberrechtsgesetz, UrhG),
§§87f-h.
28
Being further defined as an “algorithm generated extract of a press publication that information
society providers use to provide services to their customers”. However, it was found that giving the
consumer a ‘snapshot’ of the main story provided in the press publication, the access to the main
site of the news brands was actually discouraged. Unattributed. The publishers’ right explained—
part 1. http://www.newsmediaeurope.eu/news/the-publishers-right-explained-part-1/.
29
Known as the “Leistungsschutzrecht für Presseverlage” (LSR).
30
On the contrary, the Spanish legislator followed a differentiated approach, thus providing for a
“compulsory, fixed compensation” for all uses undertaken by news services in the digital environ-
ment, further excluding search engine services. The Ancillary Copyright for Press Publishers in
Germany. Background information and answers to key questions. LSR Aktuell. http://www.lsr-
aktuell.de/sites/default/files/20170202_vg_media_lsra_broschuere_en.pdf.
31
Ibid.
government’s reasoning for the introduction of the relevant addendums into the
national copyright law, what was determinative was the profit-making intention of
such services through the systematic use and provision of access to press products,
meaning the use in a professional context. Consequently, it has been stated that
private users are profoundly exempted from the scope of this right, further including
businesses and companies of other sectors, attorney offices, associations, and non-
for-profit institutions. In respect of the search engines services, their actual techni-
cal operation as such, irrespective of the extent of the given search conducted, has
been designated as the decisive criterion for the relevant determination.32
The intended amendment was widely criticized even before its establishment.
More precisely, a wide range of stakeholders in Germany—from scholars and aca-
demics to business associations, the web community and, profoundly, Google—ran
diametrically counter to the adoption of this provision33 on the grounds of freedom
of speech and access to information, while the anticipated negative impact on the
German (digital) economy was also addressed. On the contrary, newspaper publish-
ers underlined its significance for the “maintenance of an independent, privately
financed news media”34 that would guarantee the freedom and plurality of the press
by filling a gap in German copyright law that needed to be adjusted to the require-
ments of the digital technology.35
Following the implementation of the German ‘Lex Google’,36 or more accu-
rately, on the same day that the new sections entered into force, Google News modi-
fied its indexing system in Germany to an opt-in mechanism. More precisely, a
confirmation statement was required by national publishers for their content to be
featured in the listings of the popular news aggregation platforms.37 From the press
publishers’ side, the determination of the fee payable for the online use of their
content and the respective royalty collection method were assigned to VG Media, a
collecting society that soon published the relevant tariff (concluding to 11% of the
search engine’s revenue) and called the counterparties to enter into negotiations for
the relevant licensing terms. However, Yahoo and Deutsche Telekom excluded from
their services the publishers claiming their ancillary right. Moreover, an argument
for the inapplicability of the license fee to online services was also developed, given
that Google aligned indexing with an agreement to a royalty-free license.38 Within
this context, the use of press products in Google search results was subsequently
32
Talke (2017).
33
Kreutzer (2011). Describing the economic rationale behind the forthcoming (at that time) mea-
sure under German law, the resemblance with the framework within which the relevant discussion
and the introduction of the respective provision at EU level has fallen, is more than close.
34
Since the introduction of the ancillary copyright and the consequent financial reward provided
for press publishers was considered as an important revenue source for the industry both on a
middle and long-term basis. Pfanner (2012).
35
Supra n. 37.
36
Read more about the substance, evolution, and effects of the German ancillary right for publish-
ers at: https://resources.law.cam.ac.uk/cipil/documents/potential_legal_responses_complete_tran-
script.pdf.
37
Rosati (2013).
38
Schlosberg (2017).
limited to headlines (i.e., the contested snippets and thumbnails were no longer
provided), which led to negative effects on the newspapers’ web traffic. On these
grounds, VG Media filled an antitrust complaint against Google, claiming an abuse
of its dominant position in the market and anti-competitive conduct. The claim was
dismissed39 and VG Media ended up granting (exclusively) to Google a “revocable
free license”.40 According to its statement,41 it was forced to such an “extraordinary
step” due to Google’s “overwhelming market power”.42
Although the settlement proposal issued by the Copyright Arbitration Board of
the German Patent and Trademark Office (DPMA) ran in favor of the tariff’s appli-
cability, its extent and current form were considered as rather excessive and inade-
quate. Moreover, an essential but still indefinite issue was also covered by the
DPMA’s ruling, concerning, in particular, the exception provided under Section
87f(1) of the German Copyright Act under which individual words or very short text
excerpts do not fall within the scope of the press publishers right. However, the
wording of this provision did not specify the type (i.e., snippets and thumbnails) or
more precisely, the length of the press content that would be subject to licensing and
payment of a fee, giving rise to contradictory interpretations that reflected the
diverging interests in the area. Accepting that a specific limit was nonetheless
required, DPMA reached a compromise by suggesting a seven-word limit, exclud-
ing search keywords.43 Even this substantial question, though, ended up lacking its
legal basis due to the outcome of the preliminary ruling that was brought before the
Court of Justice of the European Union (CJEU).44 The questions referred to the
court challenged the lawfulness and actual enforceability of the German right for
press publishers per se; if considered as a technical regulation, this provision should
have been duly notified to the European Commission in accordance with the proce-
dure laid down in Directive 98/34/EC45 as repealed and replaced by Directive
2015/1535/EU.46 In the event of a lack of such a proper notification, domestic law
39
Press Release (2014) Complaint by VG Media not sufficient to institute formal abuse of domi-
nance proceedings against Google. https://www.bundeskartellamt.de/SharedDocs/Meldung/EN/
Pressemitteilungen/2014/22_08_2014_VG_Media.html.
40
Unattributed (2015) Ancillary Copyright for Publishers: Taking Stock in Germany. Bitcom.
http://www.mittelstand-tour.de/bitkom/org/noindex/Publikationen/2016/Leitfaden/
Leistungsschutzrecht/2/160406-Leistungsschutzrecht-EN.pdf.
41
(2014) Pressemitteilung: Google lehnt ‘Waffenruhe’ ab -Presseverlage beugen sich Druck
Googles und lassen VG Media Gratiseinwilligung für Rechtenutzung erteilen. https://www.vg-
media.de/images/stories/pdfs/presse/2014/141022_pm_vgmedia_gratiseinwilligung-google.pdf
(in German).
42
Essers (2014).
43
Keller (2015a) and Hirche (2015).
44
CJEU, VG Media Gesellschaft zur Verwertung der Urheber- und Leistungsschutzrechte von
Medienunternehmen mbH v Google Inc, Case C-299/17. See more at Rosati (2017a).
45
Directive 98/34/EC of the European Parliament and of the Council of 22 June 1998 laying down
a procedure for the provision of information in the field of technical standards and regulations, OJ
L 204/37.
46
Directive (EU) 2015/1535 of the European Parliament and of the Council of 9 September 2015
laying down a procedure for the provision of information in the field of technical regulations and
of rules on Information Society services, OJ L 241/1.
should be deemed null and void and as such, inapplicable.47 And that was the
Advocate General’s Opinion delivered on 13 December 2018.48 According to this
Opinion, the German rules on the right related to copyright for press publishers
amount to a technical regulation within the meaning of Directive 98/34, thus specifi-
cally aiming at a particular information society service, namely, the provision of
press products through the use of internet search engines.49 Consequently, the
Advocate General stated that the German provisions in question were subject to the
notification obligation. Ιn the absence of a notification of these national provisions
to the Commission, they must not be applied by the German courts. The CJEU
eventually confirmed; in the judgment issued on September 12, 2019, the Court
dictated that the provision of the German law which prohibited only commercial
operators of search engines and commercial service providers that similarly publish
content from making newspapers or magazines or parts thereof (excluding individ-
ual words and very short text excerpts) available to the public, constitutes a “techni-
cal regulation”, the draft of which is subject to prior notification to the Commission.
As a result, the German press publishers’ right ended up unenforceable due to this
missed notification. It has been widely described as the Google’s victory over the
German publishers’ fee demands that were reaching an amount of $1.1 billion.
2.2.2 Spain: Following the Path of Limitations
Influenced by the legislative initiatives undertaken in Germany but following a dif-

ferentiated approach under the so-called ‘IPA Reform’,50 Spain included an adden-
dum in its national Copyright Act amending the quotation right instead of granting
an exclusive right to press publishers. In the wider context, the scope of application
of the right to quotation was extended in order to adapt to the digital environment
for the purpose of exclusively covering online news aggregation services. In other
words, the Spanish legislator considered digital contents aggregation as a permitted
use, meaning that a relevant authorization is not required, thus being qualified, under
47
Rauer (2017).
48
http://curia.europa.eu/juris/document/document.jsf?text=&docid=208982&pageIndex=0&docl
ang=EN&mode=lst&dir=&occ=first&part=1&cid=5724825.
49
More precisely, the Advocate General Gerard Hogan considered that the German provisions
“cannot be regarded as simply the equivalent of a condition governing the exercise of a business
activity such as a prior authorisation requirement. Their effect in practice is to make the provision
of the service subject to either a form of a prohibitory order or a monetary claim at the instance of
the publisher of newspapers or magazines”. Court of Justice of European Union. Press Release No
197/18. https://curia.europa.eu/jcms/upload/docs/application/pdf/2018-12/cp180197en.pdf.
50
Law No. 21/2014 of November 4, 2014, amending the Consolidated Text of the Law on
Intellectual Property, approved by Royal Legislative Decree No. 1/1996 of April 12, 1996, and
Law No. 1/2000 of January 7, 2000, on Civil Procedure, which entered into force in 2015. However,
it was only recently that CEDRO (i.e., the Spanish Reproduction Rights Centre representing
authors and publishers of books, magazines, journals, newspapers, and sheet music) initiated nego-
tiations for the determination of the relevant fee.
specific conditions, as a quotation. Nonetheless, even if the prerequisites set out by

the law are met, publishers or, as applicable, other rightholders are entitled to render
this freedom subject to the payment of an equitable remuneration for such a use.
Under Article 32(2) of the Spanish Copyright Act, a number of limitations are
respectively applicable. First, the contents aggregation shall exclusively entail non-
significant fragments of contents. Second, these contents must have been available in
periodical publications or in periodically updated websites. Third, the contents aggre-
gated by the providers of such digital services shall serve informational or entertain-
ment purposes, or the creation of the public-opinion objective. Provided that all these
conditions are fulfilled, the making available to the public of such publications51 is
not subject to an authorization by the respective rightholders. However, even in that
case, publishers and potentially other holders of rights over such works shall receive
a fair compensation, meaning inversely that online news aggregation services provid-
ers shall pay a copyright fee for the use that they make. As in the case in Germany,
the addressees of this remuneration obligation have been regarded as entailing com-
mercial “online outlets posting links and excerpts of news articles originated
elsewhere”,52 profoundly referring to search engines and news aggregators, and fore-
most, to Google News.53 However, many other aggregators, such as bloggers and
other websites, have been considered to be additionally affected by this provision.54
Furthermore, an exception to the equitable compensation rule has been provided
under Article 32(2) of the Spanish Copyright Act, concerning, in particular, the
mere provision of links55 to press publications by search engine services. Provided
that the conditions set out in the law are met, this act is neither subject to a prior
authorization nor to a payment of a fee. The provision of access to the news content
covered by the exception is explicitly provided as the “making available to the pub-
lic of isolated words”56 that are further incorporated in the publications described
above. Moreover, search engine services have been determined as those facilitating
search instruments of such words. What is crucial is the use (i.e., making available)
of “isolated pieces of information”57 that are indispensable for the provision of
search results in reply of a given search query as previously formulated by the user.
For this exception to apply, three prerequisites have to be cumulatively fulfilled: (a)
51
Excluding, though, photographic works or ordinary photographs incorporated in such publica-
tions for the use of which an authorization is required. On the contrary, documentaries and news
recordings fall within the scope of application of this provision.
52
Caldaza and Gil (2018).
53
Consisting the grounds for its characterization as the “Google Tax” right. Hernández (2014).
54
Plantada (2014).
55
In this regard, it should be noted that linking is not qualified as an act of communication to the
public under Article 20(2) TRLPI. Nonetheless, according to the national case law, the provision
of links to infringing content may, in certain circumstances, amount to a copyright infringement.
Furthermore, the “active and non-neutral” provision of links to illegal content with a profit-making
intention implies both administrative and criminal sanctions. https://euipo.europa.eu/ohimportal/
el/web/observatory/faqs-on-copyright-es.
56
Xalabarder (2014).
57
Rosati (2014).
a link to the website hosting the original work58 shall be provided; (b) such search
engine services providers shall not pursue commercial purposes; and (c) the use of
excerpts (i.e., isolated words) of the news content shall be “limited to what is neces-
sary to provide search results in response to previous user queries”, strictly
construed.59
In this regard, an interesting decision issued by the Spanish Supreme Court prior
to the establishment of Law 21/2014 is worth to be mentioned thus holding in favor
of the Google search engine including its ‘cache copy’ service, namely the com-
puter-generated review of newspapers’ articles offered by Google News to online
users. The case concerned the unauthorized use (i.e., reproduction and making
available to the public) of fragments of websites listed as a result of the Google
search engine operation and the relevant cache copy service. The claimant sought
monetary damages, while also issuing an injunction to prevent the further operation
of the Google Spain search engine service. It was by virtue of this maximalist claim
that a copyright infringement was not assessed by the court since it was qualified as
an abusive exercise of copyright intending exclusively to harm the defendant. More
precisely, the ruling of the court was based upon the use of the ‘three-step test’60 as
a positive interpretation criterion, meaning that the general principles of the law,
such as good faith, the prohibition of abuse of rights, and the doctrine of harmless
uses by third parties, shall be incorporated and reflected therein. Moreover, the
reproduction of fragments of the linked websites was regarded as insignificant,
while also serving informatory purposes.61
Contrary to the German ‘Leistungsschutzrecht für Presseverleger’, the remuner-
ation right conferred upon press publishers in Spain is unwaivable, meaning that
publishers cannot opt out from receiving the copyright fee to be paid by online news
aggregators, neither can they grant a free license for the online use of their content.
Furthermore, the law provides for the transferability of this right,62 while it is also
subject to mandatory collective management.63 It was by virtue of this unwaivable
nature of the statutory equitable compensation, along with the arguments that
asserted its vague scope and imprecise language, that this provision was severely
criticized even before its adoption. The objections against its establishment entailed
its (potential) impact on a “broader range of online activities beyond the purportedly
58
Otherwise, to the “provenance page of the content”. Vidal (2014).
59
Ibid.
60
Explicitly provided under Art. 40bis TRLPI. The so-called “three-step” was introduced into the
EU acquis under para. 5 Article 5 of Directive 2001/29/EC which dictated that the exceptions and
limitations provided under this provision shall only be applied: (a) in certain special cases that (b)
do not conflict with a normal exploitation of the work or other subject-matter and (c) do not unrea-
sonably prejudice the legitimate interests of the rightholder.
61
Sentencia n.172/2012, of 3 April 2012, Supreme Court, Civil Chamber. Xalabarder (2012).
62
Similar to the press-clipping limitation provided under Article 32(1) of the Spanish Intellectual
Property Law (TRLPI).
63
Priora (2018).
targeted news aggregation and search engines”,64 on which serious anticompetitive

effects were also speculated. Moreover, the freedom of the public to access informa-
tion and the media diversity principle were also alleged to be jeopardized by this
legislative initiative. Lastly, Article 32(2) was contested as infringing copyright law,
as well as the EU acquis and the CJEU case law, distorting accordingly the func-
tioning of the internal market and subsidizing an industry at the expense of another
at national level.65
As an immediate effect of the adoption of the new legislation and even before its
entry into effect, the news-linking service was terminated by Google on the grounds
of the alleged unsustainability of the approach adopted. On the contrary, the Google
search engine machine remained operational thus being allowed, under the statutory
exception, to provide links and display, as such, news content available online.
However, the repercussions for the Spanish news websites that were excluded by the
popular online news aggregation platform were demonstrated by a traffic decline
exceeding “6% on average and 14% for small publications”, while their loss of
revenue was estimated at €10 million ($11.7 million) in the first year following the
implementation of the law.66
Moreover, a study on the impact of the Spanish ancillary copyright commis-
sioned by the Spanish Association of Publishers of Periodical Publications
(‘AEEPP’) had underlined its negative effect on various stakeholders, including
news aggregators, (small) publishers, as well as online consumers such as readers
and advertisers. Furthermore, this provision has been regarded as imposing barriers
to innovative developments, distorting competition, prejudicing the net-neutrality
principle, while additionally implying regulatory uncertainty. Lastly, the threat or
even the high risk of infringement of the quotation right has been demonstrated,
further including the right to use and release Creative Commons-licensed
content.67
2.3 A
rticle 11: Definitions, Subject-Matter and Scope
of Application
As already stated, the objective pursued under the Proposal was the improvement of
legal certainty throughout the Union and the strengthening, inter alia, of the press
publishers’ bargaining position in the digital interplay in supporting and ensuring a
free and pluralist press. More precisely, the idea was to “confer on publishers their
own ‘related right’, similar to the ‘neighboring rights’ given to other investors in
64
Supra n. 63.
65
Ibid.
66
Bailey (2018).
67
Keller (2015b).
broadcasts, sound recordings and film fixations”.68 Within this context, and building
upon the national examples of Germany and Spain, while also considering the emer-
gence of similar legislative initiatives at other Member States,69 an exclusive related
right for press publishers was eventually introduced. From this perspective, it could
be argued that this right resembles to the respective provision adopted by the
German legislator rather than implementing a condition attached to an exception as
was the case in Spain. Although the definition on press publications provided under
the EU law is partially identical to the German legislative initiative,70 it should be
noted that the EU-wide related right conferred upon press publishers has been char-
acterized as even more comprehensive in relation to the so-called ‘link tax’ provi-
sions established at national level.71
Deepening in the crucial issue of the concept of press publications, consisting of
the rationae materiae of the press publishers right, the comparison between the
relevant definition, including the respective recital, as provided under the Proposal,
and its final version, indicates a number of substantial modifications. In particular,
Recital 33 of the Proposal stated that the notion of press publications shall only
68
Study for the JURI Committee (2017) Strengthening the Position of Press Publishers and Authors
and Performers in the Copyright Directive, p. 15. http://www.europarl.europa.eu/RegData/etudes/
STUD/2017/596810/IPOL_STU(2017)596810_EN.pdf.
69
Since a relevant discussion was also taking place in Belgium, Italy, and France. See, in particular,
European Commission (2016) Remuneration of authors of books and scientific journals, transla-
tors, journalists, and visual artists for the use of their works. https://www.ivir.nl/publicaties/down-
load/remuneration_of_authors_final_report.pdf.
70
Recital 33 of the Proposal dictated that “periodical publications published for scientific or aca-
demic purposes are expressly exempted (emphasis added) from the protection granted to press
publications” similarly to the relevant definition provided under German law. This exception was
retained in the text of the Directive adopted with a slight, though, difference in the relevant word-
ing as provided now under Recital 56 (renumbered Recital 33); in particular, Recital 56 currently
states that such publications “should not be covered (instead of “are expressly exempted) by the
protection granted to press publications under the Directive” (emphasis added). Lastly, it should be
noted that the exception concerning press publications serving scientific or academic purposes has
been added as such to the definition of press publications provided under Art. 2 para. 4 of the
Directive, entailing, in addition, the example of “scientific journals”.
71
Since both the German and Spanish legislative instruments provide that press publishers are
awarded with a remuneration right exclusively against commercial search engines services and
other commercial content providers. Talke (2017). However, the compromise amendment on
Article 11 included an additional—to the initial proposal—rule (para. 1(a)) which similarly pro-
vided that the rights conferred upon publishers of press publications “shall not prevent legitimate
private and non-commercial use of press publications (conducted) by individual users”. JURI
Committee (2018) Proposal for a Directive on copyright in the digital single market. Compromise
amendments and alternative compromise amendments (final). http://www.europarl.europa.eu/
cmsdata/149561/juri-committee-compromise-amendments-copyright-dsm.pdf. In the final version
of Article 11 (now Article 15 para. 1(b)), the aforementioned wording is slightly different, thus
expressly providing that “private (i.e., the word “legitimate” has been removed) or non-commer-
cial uses of press publications carried out by individual users” are excluded from the scope of
application of the press publishers right. Recital 56 of the Directive is additionally stating that
these private and non-commercial uses include the online sharing of press publications conducted
by individual users.
entail “journalistic publications, published by a service provider, periodically or

regularly updated in any media, for the purpose of informing or entertaining”. On
the contrary, Recital 56 of the final text of the Directive provides that the journalistic
publications exclusively covered by this Directive are those “published in any
media, including on paper, in the context of an economic activity which constitutes
a provision of services under Union law”. Inversely, it is profound, while also
explicitly stated,72 that private or non-commercial uses of press publications carried
out by individual users are not covered by the press publishers right, including the
case where they share such content online. Consequently, such uses shall continue
to be governed by the existing EU copyright rules.
Moreover, press publications have been defined as mostly incorporating literary
works, stressing, in parallel, other types of works or other subject-matter of protec-
tion, such as photographs and videos, which are increasingly included therein. It is
noteworthy that the indicative list of press publications, initially provided under
Recital 33 of the Proposal,73 has been complemented by the additional reference to
“subscription-based magazines”. As regards the subject-matter that falls outside the
scope of application of the press publishers’ right, periodical publications published
for scientific or academic purposes are expressly exempted. Moreover, the protec-
tion afforded to press publishers is not extending to the mere facts reported in press
publications, reaffirming, as such, the axiom and very essence of copyright law
under which facts, including raw information, and ideas are not copyrightable. The
legal monopoly deriving from copyright is exclusively attached to the author’s own
intellectual creation to the extent that it is original.74 A significant addendum that
intervened, which was neither included in the Proposal nor in the compromise
amendment of Article 11, concerns the explicit exclusion of individual words or
very short extracts of a press publication75 from the rights conferred upon press
publishers under the Directive. In this regard, Recital 58 of the final text of the
Directive underlines that such an exemption should be construed in such a way as
not to affect the effectiveness of the rights granted to press publishers, specifically
considering the massive aggregation and use of press publications by such providers
and the economic relevance that (even) the parts of such publications have gained.
On the definition per se of press publications, the wording of Article 2 para. 4 is
slightly but still essentially differentiated. In its initial form, it read as follows:
“‘press publication’ means a fixation of a collection of literary works of a journalis-
tic nature, which may also comprise other works or subject-matter and constitutes
an individual item within a periodical or regularly-updated publication under a sin-
gle title, such as a newspaper or a general or special interest magazine, having the
72
Both in Recital 55 and Article 15 para. 1 of the Directive.
73
Renumbered Recital 56.
74
CJEU, Infopaq International A/S v Danske Dagblades Forening, Case C-5/08, Judgment of the
Court of 16 July 2019, and subsequent case law.
75
Article 15 para. 1 of the Directive.
purpose of providing76 information related to news or other topics and published in

any media under the initiative, editorial responsibility, and control of a service pro-
vider”. In its final version, it dictates that the notion of ‘press publication’ means a
“collection composed mainly of literary works of a journalistic nature, but which
can also include other works or subject matter”. The subsequent wording has been
retained as such; however, it is now clearly distinguished to the three prerequisites77
that have to be cumulatively fulfilled for a press publication to fall within the scope
of application of the press publishers’ right.
In respect of the nature of the press publishers’ right, Recital 34 of the Proposal
dictated that it shall have the same scope as the rights of reproduction and making
available to the public provided for in Directive 2001/29/EC (Infosoc Directive)78
insofar as digital uses are concerned. In comparison to the text of the Directive on
which final consensus was reached, the ‘digital uses’ term has been replaced, under
Recital 57, by the notion of “online uses (provided) by information society service
providers”. Exploring the rationale behind the establishment of such an entitlement
to press publishers, the problems they are facing towards the licensing of online
uses of their publications79 and their subsequent difficulty in recouping their
investments,80 are demonstrated as the grounds for their recognition as related right-
holders. Moreover, the establishment of such a tailor-made and foremost harmo-
nized regulatory framework has been regarded as necessary for press publishers to
be able to efficiently exercise and enforce their rights in the digital and cross-border
environment. Consequently, both the proposed and the subsequently adopted regime
confer upon press publishers a right related to copyright for the reproduction and
making available to the public of press publications in respect of online uses pro-
vided by information service providers, since considered as the proper means to
effectively guarantee the legal protection that press publishers deserve.
76
This second prerequisite for a press publication to fall within the scope of the press publishers’
right has been slightly changed in the text of the Directive adopted thus now describing the provi-
sion of information as addressing “to the general public”.
77
In particular, Article 2 para. 4 of the text of the Directive on which final consensus was reached
dictates that a press publication (defined as above) shall further: (a) constitute an individual item
within a periodical or regularly-updated publication under a single title, such as a newspaper or a
general or special interest magazine, (b) have the purpose of providing the general public with
information related to news or other topics, and (c) be published in any media under the initiative,
editorial responsibility and control of a service provider.
78
167/10.
79
In this regard, Recital 54 of the Directive emphasizes on the wide availability of press publica-
tions as regarded in relation to the constant emergence of new online services, indicatively stating
the news aggregation and the media monitoring services. As it is respectively stated, the re-use of
press publications constitutes an important part of such services’ business models, while further
consisting of a source of revenues from which press publishers are deprived or at least prevented
to have access to.
80
Otherwise, their “organisational and financial contribution” in the production of press publica-
tions, as stated under Recital 55 of the Directive.
For the purpose of increasing the intended legal certainty in the area, the final
text of this provision incorporates, in addition, a definition of the concept of press
publishers per se, dictating that it “should be understood as covering service provid-
ers, such as news publishers or news agencies, when they publish press publications
within the meaning of this Directive”.81 Moreover, it is expressly provided that the
legal protection for press publications provided under the Copyright Directive ben-
efits publishers that are established in a Member State and have, in compliance with
Article 11 of Directive 96/9/EC,82 their registered office, central administration or
principal place of business within the Union. Moreover, para. 5 of Article 15 dic-
tates that Member States shall ensure that authors of works incorporated in a press
publication receive an appropriate share of the revenues that press publishers obtain
for the use of their press publications by information society service providers; it is
a slightly differentiated version of the provision introduced, under para. 4(a) of
Article 11, in the compromise amendments83 of the Proposal.
Considering the limitations applicable to the press publishers’ related right, the
implementation of which is mandatory84 for Member States, it should be stressed
that it is explicitly subject to the exceptions and limitations provided under Article
5 of the Infosoc Directive,85 entailing, in addition, the obligations as to technologi-
cal measures and rights-management information, as well as the appropriate sanc-
tions and remedies to be provided by the Member States in cases of infringement.86
Moreover, Directive 2017/1564/EU87 shall also apply mutatis mutandis to the press
publishers’ right.88 Lastly, the rights of the authors and other rightholders over their
works or other protected subject-matter incorporated in a press publication, shall
not in any way be affected by the establishment of this right to press publishers. In
particular, it has been expressly stated that this right cannot be invoked against
authors or rightholders89 as specifically concerning their right to “exploit their works
81
Recital 55 of the Copyright Directive.
82
protection of databases. OJ L 77, 27.3.1996.
83
According to the wording of the compromise amendment of Article 11, authors shall receive an
appropriate share of the additional revenues press publishers receive for the use of a press publica-
tion by information society service providers (emphasis added). Supra n. 78.
84
Both Article 11 of the Proposal and the renumbered Article 15 of the final text of the Directive
provide that Member States shall (emphasis added) provide press publishers (established in a
Member State) with the rights provided for in Article 2 and Article 3(2) of Directive 2001/29/EC.
85
Where an explicit reference to the quotation exception for criticism and review is provided under
Recital 57 of the Directive.
86
Articles 6–8 of Directive 2001/29/EC.
87
Directive (EU) 2017/1564 of the European Parliament and of the Council of 13 September 2017
on certain permitted uses of certain works and other subject matter protected by copyright and
related rights for the benefit of persons who are blind, visually impaired, or otherwise print-dis-
abled and amending Directive 2001/29/EC on the harmonisation of certain aspects of copyright
and related rights in the information society. OJ L 242/6.
88
Article 15 para. 3 of the Directive.
89
Or, according to the final text of Recital 59 of the Directive, against other authorized uses of such
works or subject-matter of protection. Article 15 para. 2 of the Directive dictates respectively that
and other subject-matter independently from the press publication in which they are
incorporated”.90 In other words, the press publishers’ right is applicable without
prejudice to the authors and other creators’ rights on their individual contributions
that comprise the subject-matter of protection of this provision, namely the final
press product.91 In this regard, special focus shall be placed upon hyperlinking,
which admittedly consists of one of the most complex copyright issues.92 In respect
of the right afforded to publishers, Recital 33 of the Proposal provided that the pro-
tection granted shall not extend to acts of hyperlinking “which do not constitute
communication to the public”. As the CJEU had respectively ruled in Svensson,93
the provision on a website of clickable links to works freely available on another
website (i.e., meaning without any access restrictions) does not constitute a com-
munication to the public since not addressing to a ‘new public’. The same result,
though, has also been reached in the case where the copyright holder had not autho-
rized the posting of a hyperlink on a website to works protected by copyright being,
as such, illegally published on the website to which those hyperlinks lead. However,
two prerequisites must be fulfilled for such a determination; the person who posts
that link shall not seek financial gain and shall act without knowledge that those
works have been published illegally.94 In any case, the issue of communication to
the public was eventually avoided as regards as hyperlinking and the press publish-
ers’ right since both the compromise amendment of Article 11 and the final version
of Article 15 of the Copyright Directive dictate that the legal protection granted to
press publishers does not extend to mere “acts of hyperlinking”.95
The term of protection of this right was initially designated as lasting for twenty
(20) years following the first publication of the subject-matter of protection.96
Provided that such a term attracted severe criticism per se, the duration of the press
publishers’ right was then reformulated, under the amended version of the Proposal
adopted by the European Council’s Permanent Representative Committee
such uses concern the inclusion of works or other subject-matter of protection based on a non-
exclusive license or for prohibiting the further use of such works or other subject-matter the term
of protection of which has expired.
90
Ibid.
91
Article 15 para. 2 of the Directive. A similar provision was also included in Recital 35 and Article
11(2) of the Proposal.
92
Indeed, the issue of hyperlinking as amounting (or not) to a restricted act of communication to
the public has been treated in a different manner at national law even within the same jurisdiction
and by the same competent court. See more in respect of the Greek case law in the area in:
Nikolinakos et al. (2019).
93
C 466/12, Judgment of 13 February 2014.
94
CJEU, GS Media BV v Sanoma Media Netherlands BV, Playboy Enterprises International Inc.,
Britt Geertruida Dekker, Judgment of 8 September 2016.
95
Article 11 para. 2(a) of the compromise amendment of Article 11; Recital 57 and Article 15 para.
1 of the Directive.
96
Article 11, para. 4 of the Proposal.
(COREPER), to last for only one (1) year.97 The compromise provision adopted by
the JURI Committee provided that the protection granted to press publishers should
last for five (5) years. Eventually, the term provided, under Article 15 para. 4 of the
Directive, expires in two (2) years following the publication of the press publica-
tion. In this regard, it should also be noted that this right does not have a retroactive
effect and does not cover press publications published before the entry into force of
the Directive.
On the mandatory character, transferability, and management of the press pub-
lishers’ rights, they are assignable and may be administered either individually or
collectively since a provision to the contrary is not included in the corpus of the
legislation adopted. Similarly, the respective rightholders may waive the rights
attributed to them since they are not compulsory.98
3 T
he Problematic and Controversial Debate on the New
Press Publishers’ Right
3.1 Two Sides of the Same Arguments
The considerable criticism99 and the argumentation against the Proposal and the
compromise amendments that were later introduced, reflect the controversy sur-
rounding the press publishers’ right, as well as the relevant concerns expressed by a
variety of stakeholders, including legal and academic experts. Indeed, a “rare
97
Council of the European Union (2018) Proposal for a Directive of the European Parliament and
of the Council on copyright in the Digital Single Market, Interinstitutional File: 2016/0280 (COD).
98
Under the draft compromise proposal issued by Axel Voss (the Copyright Directive Rapporteur)
on March 28, 2018, not only press publishers but also news agencies were included in the rationae
personae of Article 11 that would confer upon them the “inalienable right to obtain a fair and
proper remuneration” for the digital use of their press publications: https://juliareda.eu/wp-con-
tent/uploads/2018/03/voss11.pdf.; Read more at: Rauer et al. (2018b). However, this proposal was
strongly criticized as expanding the scope of exclusive rights to cover (unprotected) facts, threaten-
ing, as such, the fundamental right of access to information. Eventually, news agencies were
explicitly included in the concept of ‘press publishers’, along with news publishers in the case
where they publish press publications within the meaning of the Directive (Recital 55 of the
Directive). In addition, the unwaivable nature of the remuneration provided under that proposal
was argued to “interfere with the operation of open licensing” (such as the Creative Commons
licenses): Vollmer (2018). At last, the final compromise amendment adopted by the JURI
Committee on June 19, 2018 provided for the Member States’ obligation to grant press publishers
with the rights of reproduction and communication to the public “so that they may obtain (empha-
sis added) fair and proper remuneration”, Supra n. 90. The wording of Article 15 para. 5 of the
Directive provides, in this regard, that authors shall receive an appropriate share of the revenues
that press publishers receive (emphasis added) for the use of their press publications by informa-
tion society service providers.
99
Read more about the main lines of criticism in respect of Article 11 at: http://copyrightblog.klu-
weriplaw.com/2018/03/13/copyright-reform-new-right-press-publishers-not/?doing_wp_cron=15
35809220.9804170131683349609375.
academic consensus” has been reached against (former) Article 11, thus being char-
acterized as a “bad piece of legislation”.100 According to the academics’ virtually
unanimous position, the introduction of “very broad rights of ownership” in news
and information in general is speculated to impinge on the “free flow of information
that is of vital importance to democracy”.101 More precisely, it has been stated that
if permission is required before sharing information, the foundational rule of copy-
right law under which “news of the day and miscellaneous facts having the charac-
ter of mere items of press information”102 are explicitly excluded from the scope of
copyright protection, would be violated. On the opposite side, the rationale behind
the establishment of this new right lies exactly on the aim of ensuring the access of
the public to information that is currently in threat because of the publishers’ pre-
carious position in the digital environment.
Furthermore, the repercussions of such a measure were also considered in rela-
tion to other fundamental rights such as the freedom of online service providers to
conduct (online media) business, and foremost, the freedom of expression on the
basis of the principle of proportionality. In this respect, it has been stated that all
regulatory interventions, including the creation of exclusive rights in information
for publishers, shall comply with the “strict standard of scrutiny in the case of news
and other public interest information”.103 However, the same argument on the nega-
tive effects on fundamental rights was also developed from the opposite side that
advocated in favor of the enactment of this right on the basis of safeguarding quality
journalism and freedom of the press in the competitive digital age.
The same finding, namely the opposite views on the same issue, is also observed
in the argumentation developed by both the defenders and the opponents of this
right on the grounds of a current or even a threatened distortion of competition.
Further entailing the substantial differences between the different players involved,
it has been argued that the obligation imposed for a prior licensing accompanied
with the payment of a compensation fee for the use of news content in the digital
environment, makes such a use conditional upon high transaction costs.
Consequently, it has been stated that journalists, photographers, freelancers, smaller
publishers or small (European) entities in general, as well as start-ups will be pre-
vented from entering this emerging market. On the contrary, internet giants, such as
Google, and in a broader sense, large incumbent (US-based) online news providers
will be ultimately privileged—albeit targeted—by this provision, since the enhanced
transaction costs might not be eventually prohibitive. Even in this case, though, the
(questionable) benefit of the leaders in the field of news institutions will unavoid-
ably rely upon the “existing power asymmetries in media markets” which will be
inversely intensified. On the contrary, from the viewpoint of press publishers, news
100
Academics against Press Publishers’ Right: 169 European Academics warn against it. https://
www.ivir.nl/publicaties/download/Academics_Against_Press_Publishers_Right.pdf.
101
Ibid.
102
Article 2(8) of the 1886 Berne Convention for the Protection of Literary and Artistic Works.
103
Van Eechoud (2017).
aggregation platforms are the ‘parasitic free-riders’104 on their rights and interests,
distorting, as such, competition in the digital environment. Indeed, many aggrega-
tors are directly competing with newspapers’ and press publishers’ websites for the
same advertising budgets by satisfying the same information demand of the same
audience. This substitute effect means that news aggregations services impinge on
the number of visits to news outlets, while their subsequent impact on the latters’
advertisement revenues “remains an open question”.105 Moreover, competition is
also developed on the press product itself since the same news content (produced by
press publishers at high costs) is merely copied (at no costs) by news aggregators.106
Irrespective of the standpoint adopted, this constitutes a classical market failure that
needs to be addressed.107
3.2 Missing Causality and Burden of Proof
What is crucial is that the controversy concerning the press publishers’ right lied on
the very essence of the relevant provision since most commentators questioned the
need for or even the desirability of introducing such a right,108 while the competence
of the European Union to intervene in this field was additionally challenged.109 At
this point, the main arguments developed in favor of this new right for publishers
should be recalled as simultaneously debated by its opponents. According to the
so-called ‘incentive argument’, the legal protection afforded to press publishers
104
Supra n. 70.
105
According, though, to the “market expansion effect”, news aggregators constitute an “important
channel for attracting visitors to news outlets” since they increase the news consumers’ awareness
in respect of their content, increasing, as such, search visits. Supra n. 59.
106
Read more about the news consumption system, the role and impact of aggregation and search
engine services, and the development of the “‘hot news’ misappropriation doctrine” under the US
jurisdiction based on direct competition and free-riding practices in: Whitmore (2015).
107
The economic justification of the press publishers’ right lies in the fact that the replication and
distribution of press publications, or more precisely, their “mass exploitation” derives from strong
economic incentives as aligned with the business model of news aggregation and search-engine
services. Intending to “build their own customer relationships in order to generate revenues”, these
platforms “keep users away from the source”, causing detrimental effects to the press publishing
sector. Legal Affairs. The proposed Directive on Copyright in the Digital Single Market (Articles
11, 14 and 16): Strengthening the Press through Copyright. http://www.europarl.europa.eu/
RegData/etudes/BRIE/2017/596835/IPOL_BRI(2017)596835_EN.pdf.
108
In this regard, 37 professors and leading scholars of Intellectual Property, Information Law and
Digital Economy have responded to the IPO’s request for views in relation to the modernization of
the EU copyright framework. Their response concluded by stating that the proposed right is
“unnecessary, undesirable, introduces unnecessary uncertainty and is unlikely to achieve anything
apart from adding to the complexity and cost of operating in the copyright environment”. Supra n.
75.
109
Position Paper: New Rights for Press Publishers. https://www.communia-association.org/wp-
content/uploads/2016/12/COMMUNIAPositionPaperonNewRightsforPressPublishers-final.pdf.
would incentivize the commercial production of news, ensuring, as such, media

diversity and plurality, while simultaneously contributing to a healthy democracy.
However, the alleged “manifest weaknesses” of this argument concerned the lack of
a causal link between the achievement of the objective sought and the establishment
of a related right, further entailing the rationale for its harmonization. For this rea-
son, the intervention at national level, instead of the establishment of an EU-wide
right, had been suggested as more adequate.110 Furthermore, the ‘equality argument’
was based on the unfair treatment that press publishers are currently facing by virtue
of the existing EU copyright regime. However, this argument was asserted as not
sufficing per se for the introduction of a new related right. The ‘free-riding argu-
ment’ addressed the illegitimate benefit that news online distributors obtain at the
expense of press publishers without providing, though, for clear evidence. Lastly,
the ‘natural rights argument’, according to which commercial publishers have a
natural right to the news they publish and should be protected as such, was not
regarded as being substantiated; as it has been respectively stated, even if “an inter-
vention to benefit the commercial news industry is merited, a publishers’ right has
not been demonstrated to be an appropriate way to intervene to do so”.111
Focusing on the rationale behind the establishment of a related right to press
publishers as demonstrated in the Explanatory Memorandum of the final text of the
Copyright Directive, press publishers are facing problems in licensing the online
use of their publications to the providers of online services such as news aggregators
and media monitoring services. Provided that their investment112 must be recouped,
while considering the difficulties that press publishers are currently facing towards
the achievement of this goal, the increase and sustainability of the publishers reve-
nues have been designated as two of the key objectives sought through the establish-
ment of a related right. However, this aim has been considered as a ’wishful thinking’
by virtue of the unavailability of specific data on the manner and the extent to which
such a goal will be actually achieved. In addition, an argument concerning the lack
of concrete evidence in relation to the actual investment that press publishers under-
take for the production and online presentation of press content, has been also
developed.113 In this regard, the reason behind the suffering of press publishers on
the transition from the traditional to the digital era and the causes for the newspapers
revenue decline were investigated. According to this view, the relevant results do not
indicate news aggregation or search engine services as exclusively liable for this
phenomenon.114 Moreover, the precedents of Germany and Spain had allegedly
indicated an inconclusive but still highly predictable incapability of such a rule to
achieve its intended purpose. It is true that both these two recent ‘ancillary rights’
solutions had been widely criticized in respect of their ineffectiveness to address the
problems that publishers undoubtedly face in the digital environment, including
110
Danbury (2016).
111
Ibid.
112
Being further regarded as contributing, inter alia, to the public’s access to information.
113
Peukert (2016).
114
Bently et al. (2017).
their inefficacy to provide the grounds for increased revenues especially from the
major online service providers. Consequently, these previous national experiences
have been used as an example not to be emulated at EU level, thus anticipating not
only the failure of such an intervention but also its devastating effects. However,
even if such initiatives have failed to achieve their underlying goal, the existence of
a direct connection between their alleged ineffectiveness and the lack of a cross-
border or an EU-wide effect, can neither be ascertained nor eliminated.
Nonetheless, several concerns have been raised on the set of costs deriving from
the establishment of a remuneration right for publishers at EU level. The first con-
sideration concerns the legal uncertainty evoked by the layering of rights over the
same subject-matter of protection. Questioning the rationale behind the creation of
a new right, both academics and other stakeholders have underlined the protection
already granted to press publishers since they already enjoy three sets of harmo-
nized rights, as well as the rights deriving from national copyright law. More pre-
cisely, the national copyright regime provides for the legal protection of publishers
as creators of collective works, for their recognition as related rightholders,115 while
also conferring upon them the right to control the typographical arrangements of
published editions.116 Additionally, publishers enjoy the protection granted under
the sui generis right over newspapers and periodicals as databases, while unfair
competition law is also available for their interests. Therefore, the widespread use
of enhanced technological measures against indexing and crawling is considered as
already addressing and satisfying the press publishers’ needs in respect of unauthor-
ized uses of their digital content.117
This multiplicity of rights118 has been argued to generate ”uncertainties and com-
plexities in rights negotiations and clearance”,119 to create confusion in respect of
the limitations and exceptions applicable to copyright, while also inducing unpre-
dictable—economic and other—repercussions on the exploitation rights afforded to
copyright owners and other rightholders. Beyond the transaction costs accruing
from the establishment of an exclusive right to publishers, it has been further stated
that its equitation with the phonogram producers’ right lacks legal basis since the
appropriate connecting factor for the introduction of a related right to publishers
cannot be identified. On this basis, an argument on copyright’s overexpansion has
been also developed by several critics asserting, in particular, that copyright rules
are misused to grant rights irrelevant with the nature and scope of copyright protec-
115
For instance, in non-original photographs. Such rights may be either conferred upon publishers
by the national legislator or transferred to them automatically, as in the case of employer owner-
ship, or by virtue of an assignment agreement or an exclusive license.
116
As the case in United Kingdom and Greece.
117
Opinion of the CEIPI on the European Commission’s copyright reform proposal, with the focus
on the introduction of neighbouring rights for press publishers in EU law (2016). http://www.ceipi.
edu/fileadmin/upload/DUN/CEIPI/Documents/CEIPI_Opinion_on_the_introduction_of_neigh-
bouring_rights_for_press_publishers_in_EU_final.pdf.
118
That, according to this view, will be further ‘burdened’ by the establishment of a new right for
publishers.
119
Kretschmer et al. (2016).
tion and the policies deriving therefrom, while additionally circumventing the open
access strategies adopted and promoted by the Union. In this regard, the argumenta-
tion against the establishment of the press publishers’ right had further included the
impacts speculated on the open access model as being specifically interrelated with
scientific research.120
From this point of view, there is nothing of substance to be added anew to the
legal protection already granted to press publishers. Consequently, the concrete
benefits sought through the creation of an additional right and foremost, the goal of
facilitating and ensuring the enforcement of press publishers’ rights had been highly
questioned. Notwithstanding the fact that the current issues of complexity and inef-
ficiency in this realm are not disputed,121 the introduction of a neighboring right for
press publishers has been considered as neither facing the problem, nor contributing
to its solution. Since the enforcement of rights presupposes authorship or rights
ownership, the existing multilayering of rights over the same subject-matter has
been deemed as hampering its proof and subsequent determination. For this reason,
an alternative to the introduction of an ancillary right has been suggested by the
means of an extension of the scope of application of Article 5 of the Enforcement
Directive.122 In particular, it has been stated that if press publishers could take
advantage of the legal presumption of authorship or ownership provided therein, the
enforcement of their rights would be sufficiently and effectively guaranteed through
“simple and harmless mechanisms”.123
3.3 Diminishing or Maximizing Uncertainties?
Since the proposed extension of the legal presumption of rights ownership was
underpinned by the aim of preventing the introduction of a related right for press
publishers, the substance per se of such a rule was called into question. First, the
subject-matter of protection of related rights is not copyright works. These rights are
triggered and granted by virtue of the specific investments made by market players
since they are considered as significantly contributing to the production and dis-
semination of a work. On these grounds, de lege lata producers of sound recordings
are granted with a specific neighboring right, as well as film producers and broad-
casting organizations. Within this context, it could be said that the introduction of
120
As the case of universities’ open access repositories. Ibid.
121
From a differentiated, though, perspective.
122
Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the
enforcement of intellectual property rights. OJ L 157/45. According to this provision, in applying
the measures, procedures, and remedies provided for in this Directive, it shall be sufficient, for the
author of a literary or artistic work, for his/her name to appear on the work in the usual manner in
order to be regarded as such (in the absence of a proof to the contrary) and to be consequently
entitled to institute infringement proceedings. In addition, this presumption applies mutatis mutan-
dis to holders of rights related to copyright with regard to their protected subject-matter.
123
Kreutzer (2016).
the press publishers right runs “fully in line with the scope and structure”124 of those
comparable rights. The rationale behind the establishment of these rights is the eco-
nomic assumption that without the legal protection provided by the related rights
regime, “a market failure would occur”.125 Conversely, if third parties interfere in
the value chain of the protected subject-matter, preventing, as such, investors from
being adequately rewarded for their contribution, the protection that they deserve
for their investment can only be guaranteed through the establishment of an exclu-
sive related right.
According to the opposite view, this is not the case for press publishers since
their contribution and/or investment for the production of press publications cannot
be leveraged by third parties. This argumentation lies on the perception that press
publications fall within the realm of literary works being as such protected by copy-
right law. According to the Infopaq ruling126 and subsequent case law, a work,
defined as the author’s own intellectual creation, is copyright protected provided it
is original. Fulfilling the originality criterion,127 the protection granted to a work
extends to any part of it which shall not be treated differently from the work as a
whole. Since the parts of a work share the originality attributed to the whole work
and contain elements that are the expression of the intellectual creation of the author,
they are protected as such by copyright law. The criterion is not quantitative but
qualitative. Inversely, the unauthorized use of any part of a literary work, such as the
unlawful reproduction and making available to the public of excerpts of newspapers
articles, even if only concerning a part consisted of eleven words,128 constitutes an
infringing act. A similar conclusion has been reached at national level in the
Copiepresse decision.129 In this case, the Brussels Court of Appeal ruled that the
‘cache copy’ service carried out by Google infringed the publishers’ copyrights
over the publication at issue.130 Moreover, the court held that this service is not cov-
ered by any copyright exception or limitation, including the permitted uses of quota-
tion and report on news events, while it is further ineligible of being substantiated
in any rule of law or exercise of fundamental rights.131 Consequently, it has been
124
Hoppner (2018).
125
Position Statement of the Max Planck Institute for Innovation and Competition on the Proposed
Modernisation of European Copyright Rules: PART E: Protection of Press Publications Concerning
Digital Uses. https://www.ip.mpg.de/fileadmin/ipmpg/content/stellungnahmen/MPI_Position_
Statement_PART_E_Publishers_2017_02_21_RMH_VM-def-1.pdf.
126
Supra n. 81.
127
That shall be further construed in an autonomous and uniform manner throughout the Union.
Ibid.
128
Consisting of the question brought before the court in the Infopaq case.
129
Brussels Court of Appeal, Copiepresse SCRL & alii v. Google Inc., Judgment of 5 May 2011.
130
Contrary to the conclusion reached, in a similar case, by the Spanish Supreme Court. Supra n.
68.
131
Furthermore, there is a relevant debate on the eligibility of Google’s catching system to fall
within the ‘transient copying’ exception provided under Article 5(1) of Infosoc Directive and more
precisely, on whether the reproduction made by Google News should be characterized as transient
or not, as well as on the substance of its economic significance. An additional (to the reproduction
accordingly stated that press publishers can rely upon the already existing copyright
rules and case law, being able, as such, to effectively control the further use of their
publications. However, this rather oversimplified perception of press publications as
literary works is incapable of addressing both the substance and nature of press
publications per se, as well as the complex issues deriving from their massive re-use
in the digital environment.
Speaking of uncertainties, the scope of protection of Article 11 (now Article 15)
has been criticized as overbroad, while the definitions provided therein have been
described as rather vague. More precisely, it has been argued that the Proposal failed
to accomplish its stated goal, thus not limiting the subject-matter of the press pub-
lishers’ right to “works and uses presently protected by authors’ rights”.132 As it had
been respectively stated, if press publishers were granted with a related right over
original publications, both the public copyright licenses, such as Creative Commons,
and the works falling within the public domain could be restricted. Given that the
public domain consist of a “metaphysical public forum”133 where the exclusive con-
trol of property owners is no longer relevant, such an expansion of rights would
imply both intended and unintended consequences for both economic and cultural
actors, as well as for society at large, thus “impinging greatly on freedom of expres-
sion and democratization, while favoring centralization of information”.134
In respect of the terminology adopted under the Proposal, it was criticized per se
as leaving too much room for interpretations. A characteristic example was the
inclusion of the “indefinite” term of news websites in the indicative list concerning
the definition of press publications,135 as well as of the norm of publishers per se,
thus not specifying the state of potential international beneficiaries.136 However, it is
expressly provided, under the final text adopted, that the press publishers granted
with the legal protection provided under the Directive are the publishers which are
established in a Member State and have their registered office, central administra-
tion, or principal place of business within the Union.
In respect of the desired uniformity at EU level, the European Commission had
itself illustrated the limited level of harmonization previously achieved. Although
the Infosoc Directive provided for a number of exception and limitations to exclu-
sive rights, their implementation at national level remained optional. Consequently,
a number of substantial disparities remained in place. As a result, a great number of
commentators had described the introduction of a new right for press publishers as
right) controversy has also been developed on the grounds of a potential infringement of the mak-
ing available to the public right. Van Eechoud et al. (2009).
132
Supra n. 124.
133
Frosio (2018).
134
Supra n. 139.
135
A reference that also persisted in the final version of the Proposal under Recital 56.
136
It has been argued that since not provided by the wording of Article 11, a question remained as
to the place where the eligible for protection publication should be published to be eligible or not
for protection, as well as in relation to the criteria (i.e., nationality) applying to beneficiaries espe-
cially in the case of international situations. Rosati (2018).
creating an additional layer of (currently) 28 national rights on which a variety of

exceptions and limitations could be further imposed by the national legislator.
Within this framework, the most important concern was interrelated with the quota-
tion exception. The question raised, in particular, was whether the reproduction of
short excerpts could be perceived as falling within the realm of this (non-mandatory)
exception under the EU acquis.137 However, even if this exception could be realized
as a mandatory rule by virtue of the wording adopted by the Berne Convention,138
the treaty does not apply to related rights, profoundly entailing the new ancillary
right for publishers. Consequently, Member States would retain their discretion not
to implement the quotation exception under the Infosoc Directive139 in respect of the
publishers’ right. The first conclusion reached by this analysis140 is rather obvious
thus related to the fact that this right will be subject to divergences from one juris-
diction to another within the Union, increasing as such the legal uncertainty in a
rapidly transformative area. The second refers to the possibility that the new right
could be (or is intended to be) significantly stronger than copyright since sharing the
same scope and depth of protection. In addition, since the quotation exception under
EU law refers to the purposes of criticism or review, the implication of an impact on
other fundamental rights, such as the freedom of expression, has also been specu-
lated on a case-by-case basis. In this regard, the freedom of access and the rather
misunderstood ‘freedom of the internet’ principles had also intervened in the rele-
vant argumentation. More precisely, the press publishers’ right had been, inter alia,
accused of breaking the internet. According to this view, if the re-use of snippets is
restricted or more precisely, forbidden without a prior authorization from the right-
holder, then hyperlinking is necessarily implicated,141 especially if considering that
the architecture of the web is built on links, quotations, and snippets. It is for this
reason that the EU-wide right for press publishers, as well as the relevant national
regimes, have been described as “link censorship laws”.142
137
According to Article 5(3)(d) of the Infosoc Directive, Member States may provide (emphasis
added) for exceptions and limitations to the reproduction, communication to the public and making
available to the public rights in a number of cases, including quotations for purposes such as criti-
cism or review, provided that: (i) they relate to a work or other subject-matter which has already
been lawfully made available to the public, (ii) that, unless this turns out to be impossible, the
source, including the author’s name, is indicated, and that (iii) their use is in accordance with fair
practice, and to the extent required by the specific purpose.
138
Since the international treaty dictates under Article 10(1) that it “shall be (emphasis added)
permissible to make quotations from a work which has already been lawfully made available to the
public, provided that their making is compatible with fair practice, and their extent does not exceed
that justified by the purpose, including quotations from newspaper articles and periodicals in the
form of press summaries”.
139
Article 5(3)(d) of the Copyright Directive.
140
As demonstrated in the Study for the JURI Committee on the press publishers’ right. Supra n.
75.
141
Despite the assertion to the contrary. Keller (2016).
142
https://savethelink.org/.
However, on the opposite side, it is exactly this admitted legal uncertainty that
dictates the establishment of a new harmonized right for press publishers as
specifically concerning the massive online availability and re-use of press publica-
tions by information society service providers. This uncontrolled practice that implies
severe repercussions on both rightholders and users, while also impinging on econ-
omy, society, and democracy per se in multiple ways, had profoundly to be regulated
in a uniform manner throughout the EU. The objectives that are simultaneously pur-
sued reflect the longitudinal battle of copyright law to achieve a fair balance between
conflicted rights and interests. As it had been respectively stated, it is the high level
of protection for rightholders that needs to be ensured especially in the complex and
rather chaotic digital environment. It is the need to preserve the access of the public
to information and foremost, to reliable information. It is the freedom and plurality
of the press and quality journalism that have to be safeguarded by securing the sus-
tainability of the EU publishing sector. It is the recognition of the multidimensional
contribution of European publishers to the public debate and proper functioning of a
democratic society. It is the guaranteeing of the proper functioning, competitiveness,
and sustainability of the internal market in the light of an extremely demanding envi-
ronment. At the very end, it is the actualization of the foundational objectives pur-
sued through the establishment of the internal market per se.143
3.4 The Pie Theory and the Impact on Authors’ Shares
As already demonstrated, a strong voice was raised within this controversial back-
ground that questioned the legal basis for establishing a new related right for press
publishers, further emphasizing on the economic rationale and effects of such a
legislative intervention. In this regard, the addendum of a new category of righthold-
ers over the same subject-matter has been speculated to cut into the existing royalty
pie, impinging, as such, on the authors’ rate-setting regime. As respectively stated,
the “new royalties stemming from neighbouring rights are going to be distributed at
the expense of those receiving royalties from authors’ rights today”.144 Provided that
users might seek to reduce the fees payable to authors or other rightholders if adding
a new category of beneficiaries who would be entitled to claim royalties deriving
from the same acts of exploitation concerning the same subject-matter, the eco-
nomic value of each right is speculated to be reduced.145
According to the Impact Assessment accompanying the Proposal, the “introduc-
tion of a related right covering digital uses of press publications is not expected to
generate higher license fees for online service providers”.146 On the other hand,
though, it was argued that the impact on authors has not been assessed. According
143
Recitals 1–3, 54–55 of the final text of the Directive.
144
Supra n. 139.
145
Pomianowski (2016).
146
Supra n. 13.
to this perspective, in the case where the royalty pie remains unchangeable,147 the
authors’ share will be inevitably diminished. However, even in the case where the
pie would grow, that “surplus would presumably be taken by press publishers in the
exercise of their related right”.148 In both cases, it cannot be excluded that the con-
tent creators’ visibility will not be harmed. In addition, a combined reading of
Articles 11 and 12149 of the Proposal had raised further concerns on the grounds that
these two provisions “might bestow upon publishers two revenue streams if the
same remunerated exceptions or limitations (e.g. private copying and educational
use) are given for authors’ and neighbouring rights”.150 Within this context, the
overall functioning of the copyright system has been argued to be threatened by
claiming that it should primarily secure fair remunerations to creators and safeguard
the public’s access to creative content rather than merely compensating the invest-
ment of other rightholders.
On this basis, the European Federation of Journalists was also opposed to the
creation of a new right for publishers. Stating their exclusion from any revenue
increase in respect of press products in Germany and Spain, journalists asserted that
not only their content would reach internet users with great difficulty, but also that
publishers would “receive remuneration without creating any content, while they
would remain empty-handed”.151
4 T
he Alternative(s) Proposed Against the Press
Publishers’ Right
Copyright law is founded on the concept of balance; encompassing simultaneously

the rights and interests of authors and rightholders in general and the rights and
interests of the public, the conflicts inevitably arising are resolved on the basis of the
principle of fair balance.152 In respect of the press publishers’ right, the question on
where the line shall be drawn between legal protection and access to creative con-
tent eventually reached a final consensus. As it had been previously stated, the legal
protection afforded to press publishers neither extends to private or non-commercial
147
Following the introduction of the new press publishers right.
148
Van Gompel (2017).
149
Renumbered as Articles 15 and 16 in the text of the Directive adopted. In respect of Article 16,
it provides for the discretion of Member States to provide that in the case where the author has
transferred or licensed a right to the publisher, such a transfer or a license constitutes a sufficient
legal basis for the publisher to be entitled to a share of the compensation for the uses of the work
made under an exception or limitation to the transferred or licensed right.
150
Supra n. 141.
151
EDiMA. Directive Copyright in the Digital Single Market: The impact of Article 11—publisher
rights. http://edima-eu.org/wp-content/uploads/2017/11/EDiMA-DE-Policy-Brief-on-Publisher-
Rights.pdf.
152
Both in the institutional, namely the legislative framework and in the judicial context.
uses of press publications carried out by individual users, nor covers acts of hyper-
linking. Moreover, individual words or very short extracts of press publications are
also excluded from the scope of application of this right which shall further leave
intact and in no way affect the rights provided for in Union law to authors and other
rightholders as regards as works and other subject-matter of protection incorporated
in a press publication. However, prior to the achievement of this compromise a
number of alternatives to the introduction of such a right have been proposed. As
previously stated, the opponents of this provision suggested the extension of the
legal presumption established under the Enforcement Directive153 in order to addi-
tionally cover press publishers. This alternative was considered as a much less con-
troversial intervention (than the creation of a new right) that would properly address
the licensing and enforcement issues that press publishers face in the digital
environment.154
According to this proposal,155 the publisher of a press publication shall be
regarded as the person entitled to conclude licenses and to seek rights enforcement
in respect of the “digital use of the works and other subject-matter incorporated in
such a press publication, provided that the name of the publisher appears on the
publication”.156 Furthermore, this presumption should not be invoked against
authors and other rightholders (especially as regards the exploitation of their indi-
vidual contributions) and could be rebutted by the defendant on the grounds that the
material used was either licensed by the author or belongs to the public domain.
According to this view, the installation of a new layer of rights in copyright law
would subsequently be unnecessary since “publishers would be empowered to
address actual copyright infringements of news articles and conclude new licensing
agreements”.157 However, the final compromise amendment of Article 11 did not
entail a legal presumption in favor of press publishers. Although providing for sig-
nificantly differentiated rules in relation to the initial proposal,158 the option to con-
153
Supra n. 129.
154
Proposals to Directive on copyright in DSM—presumption for publishers of press publications
(2017). http://www.dekuzu.com/en/2017/10/proposals-to-directive-on-copyright-in-dsm-pre-
sumption-for-publishers-of-press-publications.html.
155
Initially proposed in September 2017 by the Estonian Presidency. More precisely, this compro-
mise proposal included two completely different options; the first was to keep Article 11 in the
form originally proposed with slight differences. The second introduced the replacement of the
provision by a rebuttable presumption that the publisher shall be regarded as the legitimate right-
holder to all protected works incorporated in the respective press publication in the absence of a
proof to the contrary. This solution was adopted and further proposed by the Former Rapporteur of
the Committee for Legal Affairs (JURI), Therese Comodini Cachia (EPP, Malta).
156
CA 12bis - Article 11: ALTERNATIVE (Supported by Greens and GUE). http://www.europarl.
europa.eu/cmsdata/149561/juri-committee-compromise-amendments-copyright-dsm.pdf.
157
Julia Reda discusses the current Proposal for a Directive on copyright in the
Digital Single Market (2018). http://copyrightblog.kluweriplaw.com/2018/06/18/julia-
reda-discusses-current-proposal-directive-copyright-digital-single-market/?print=print.
158
Such as the term of protection of the press publishers’ right which was limited to five (5) years
instead of its 20-year initial duration; the final text of this provision as adopted by the European
Parliament provides, as aforementioned, for a two-year term.
fer upon publishers of press publications an exclusive related right, prevailed.

Indeed, the distinction between the qualification of press publishers as related right-
holders and the establishment, by extension, of a presumption of ownership, is
crucial provided that, inter alia, such a presumption can be reversed by evidence or
expressly set aside by contract. In this regard, it could be said that the alternative
concerning the protection of press publishers on the grounds of a transfer of rights
is also incapable of addressing the needs of the publishing sector, while further
entailing a number of risks; for instance, the fact that the transferee may not be
endowed with the moral rights on the work.
Prior to the introduction of a number of significant limitations to the press pub-
lishers’ right as incorporated into the final version of the text eventually adopted,159
two different alternatives were additionally proposed. The first took the form of a
limitation to this new right per se, thus aligning it with a substantial investment to
the circumstances that would run in accordance with the requirements of the sui
generis right allocated to the maker of a database.160 The second one was to re-build
the quotation exception under Article 5(3)(d) of the Infosoc Directive as a manda-
tory one.161
Lastly, the establishment of a regulatory framework that would be based on
cooperation between the media and technology companies rather than
confrontation,162 has been further provided as serving the creation of a sustainable
business model for the press within the framework of digital transformation. Under
this view, the ‘failure’ of the national precedent in respect of the publishers’ related
right had clearly demonstrated that the establishment of mandatory and/or inalien-
able fees in relation to the distribution of digital information is a mistake. On the
contrary, the cooperation model proposed included alternative initiatives through
the implementation of projects such as the “Digital News Initiative”,163 the
“Accelerated Mobile Pages Project”,164 and the “Facebook Journalism Project”.165
However, it could be stated that such cooperation-based initiatives are neither dis-
couraged nor in any way precluded from the establishment of the right for
publishers.
159
Concerning, in particular, the reduced term of protection thus lasting only for two (2) years and
the exclusion of isolated words or very short extracts of press publications from the scope of the
right.
160
Recitals 19, 39, 41, 42, 44, 46, 49, 50, 51, 54, 55 and Articles 7–10 of the Directive 96/9/EC of
the European Parliament and of the Council of 11 March 1996 on the legal protection of databases,
OJ L 77/20.
161
Supra n. 104.
162
A digital agreement: The media and technology companies need to move forward together
(2017). https://elpais.com/elpais/2017/03/24/inenglish/1490355715_551697.html.
163
https://newsinitiative.withgoogle.com/dnifund/.
164
https://www.ampproject.org/.
165
https://www.facebook.com/facebookmedia/blog/introducing-the-facebook-journalism-project.
5 Conclusions
Since its inception, copyright law has struggled to find the appropriate equilibrium
between diverging rights and interests. The transition to the digital era and the goals
pursued therefrom, had signified the nature, scope, and depth of the copyright
regime in a modernization process that inevitably implied complexities, harsh
uncertainties and rather difficult decisions. Professors Lionel Bently and Valeria
Falce demonstrated the objectives sought under this EU intervention. In particular,
they underlined that the “goals are sound”, thus including, inter alia, the adaptation
of copyright to the digital ecosystem and the challenges of new technologies, the
strengthening of the effectiveness of rights, and the promotion of an enriched rela-
tionship between authors/publishers and the general public.166 Nonetheless, the
pathway of this groundbreaking legislative intervention towards its approval and
further implementation would be tortuous, being thus affected by contradictory per-
spectives even amongst the European institutions. Article 11 along with Article 13
of the Proposal constituted the substantive pillars of this controversy. It is notewor-
thy that the European Parliament's Committee on Culture and Education (‘CULT’)
proposed, in its draft report of February 6, 2017, the fundamental revision of the
proposal “if it was to be accepted by the Parliament”. In this regard, the Committee
on the Internal Market and Consumer Protection of the European Parliament
(‘IMCO’) suggested abandoning the press publishers right in its entirety because it
“lacked sufficient justification and was not appropriate in achieving its objectives”.167
Despite the compromise attempts, the mandatory license fees for the digital use
of press publications under Article 11 of the Proposal and the control—through
automated content filtering technologies—over web platforms and internet service
providers administering user-generated content under Article 13, became eventually
the major impediments to the adoption of the Directive in its entirety. As already
stated, these two provisions were strongly supported and simultaneously criticized
by a wide range of stakeholders. On the one hand, the publishing sector168 and in
general, content owners, pushed for their adoption along with European film and
TV federations and thousands of artists, with Paul Mc Cartney and Placido Domingo
featuring prominently in this debate. On the other hand, there were the leaders of the
technological and digital world, such as Facebook and Google, and, in a broader
sense, online platforms and news aggregation services, while internet users and civil
liberties groups were also against this reform. Lastly, political representatives from
various groups within the European Parliament were also divided.169
166
Rosati (2017b).
167
Karapapa (2018).
168
Including EMMA, ENPA, EPC, and NME. See more at: https://www.publishersright.eu/
background.
169
In this regard, more than a hundred members of the European Parliament called for the deletion
of Article 11 of the Directive on copyright in the digital single market, requesting, in contrast, an
“alternative, less invasive, and more proportionate solution to support quality journalism and
freedom of the press in the digital age”. https://www.digitalagendaintergroup.eu/
more-than-a-hundred-meps-oppose-new-publishers-right/.
On July 5, 2018, the European Parliament voted against the compromise agree-
ment of the new copyright regime that was previously adopted by the Committee on
Legal Affairs of the European Parliament.170 It has been described as a “dramatic
and surprising turn of events”171 which was paradoxically perceived as a victory for
both tech global giants and digital rights activists who have played a key-role in this
undeclared copyright war. This fight against the EU copyright law reform evolved
into the “Save Your Internet from censorship and control” campaign, entailing street
protests and an online collection of signatures procedure.172 On the opposite side,
the critics of this EU intervention were accused of supporting ‘American First’ poli-
cies and the internet capitalism as represented by major US platforms. Provided that
the Proposal was intended to prevent the unauthorized exploitation of works of the
European creators on the internet, especially from the “giants of the Silicon Valley”,
its opponents were accused of inexplicably obstructing the prevention of online
copyright infringements through the establishment of fair remuneration rights.173
On the opposite side of the same coin, it was contested that only those targeted Big-
Tech companies “such as Facebook, YouTube and Twitter are likely to remain open
to users posting and sharing content freely”.174
Going back to the history of this long-lasting and adventurous overhaul, the
European Parliament had first rejected the Proposal instead of initiating the so-
called ‘fast track’ trilogue negotiation process.175 Consequently, the draft legislation
returned to the drawing board and was subject to a sudden reevaluation process. It
could be said that the still pending negotiation process for the United Kingdom’s
departure from the European Union had also thwarted the adoption of this legisla-
tive initiative. The task was definitely not easy. Even at the very end, an amendment
referring to the withdrawal of the debating components of the Directive including
Articles 11 (i.e., Article 15) and 13 (i.e., Article 17), was rejected by just five
votes.176 However, an end was eventually reached. The European Parliament voted
in favor of this “bitterly divisive”177 legislative package that changes the status – quo
of copyright law as adapted to the digital era. Providing for the five substantive
evolutions that this copyright reform generates, while also demonstrating the equi-
librium achieved, the European Parliament signified that: (a) internet platforms are
now liable for the users uploaded content; (b) some uploaded material, such as
memes or GIFs, are now specifically excluded from the scope of application of the
rights adopted; (c) hyperlinks to news articles, accompanied by individual words or
170
Supra n. 6; Standeford (2018); Keslassy (2018).
171
Supra n. 6.
172
See more at: https://juliareda.eu/2018/08/saveyourinternet-action-day/.
173
Lomas (2018).
174
Times Editorial Board (2019), Copyright holders win big in Europe, but at what cost?. https://
www.latimes.com/opinion/editorials/la-ed-eu-copyright-directive-20190327-story.html.
175
Pakenham-Walsh (2018).
176
Temperton and Reynolds (2019), Cafolia (2019) and Vincent (2019).
177
Anderson (2019).
very short extracts, can be shared freely; (d) journalists are now entitled to and must
get a share of any copyright-related revenue obtained by their news publisher; and
(e) start-up platforms are subject to lighter obligations.178 The International
Publishers Association (‘IPA’) and the Federation of European Publishers wel-
comed the vote by manifesting the establishment of a necessary legal framework for
publishers to be able to continue “investing in such a beautifully diverse industry”,
while also underlining the significance of this decision for “European culture, inno-
vation, access to knowledge and creativity”.179 The President of GESAC, the
European Grouping of Societies of Authors and Composers, stated that this is an
unprecedented and historic victory for European creators and democracy.180
In direct contradiction with this reaction, the opponents of the Directive insisted
on fighting against its establishment, thus speaking of a sad or even a dark day for
the freedom of internet.181 Within this context, wide demonstrations had taken place
across Europe in opposition to this copyright reform182; it has been described as
imposing an even more restrictive enforcement, failing, as such, to appropriately
address and resolve the copyright issues involved in the digital era.183 On the other
hand, this opposition as a whole was described as a “tide of misinformation”.184
Nonetheless, the Copyright in the Digital Single Market Directive is now a real-
ity. Following its publication in the Official Journal, Member States have until June
7, 2021 to transpose the new rules to their national legal systems. As it has been
respectively stated, that provides the time to “ensure maximum legal clarity” in the
corpus of the Directive, and to “shield smaller European platforms from unintended
consequences”,185 addressing, as such, the concerns and widespread implications
that the new copyright regime profoundly implies. However, the strong debate sur-
rounding the Directive had already removed at national level demonstrating that the
implementation stage will be rather harsh. In France (being the first Member State
to implement the new copyright regime), the upcoming entry into force of the
national press publishers’ right received Google’s clear denial to pay any fees for
the digital use of press content, further stating that it will not enter into any licensing
agreement with publishers. Instead, a modification to the manner in which the rel-
evant results will be displayed in the search-engine platform has been announced,
meaning that no snippets nor short extracts from press publications will be provided
178
European Parliament. Press Release of 26 March 2019. http://www.europarl.europa.eu/news/en/
press-room/20190321IPR32110/european-parliament-approves-new-copyright-rules-for-the-
internet.
179
Supra n. 184.
180
https://www.politico.eu/article/european-parliament-approves-copyright-reform-in-final-vote/.;
http://authorsocieties.eu/mediaroom/338/33/Copyright-Directive-historic-victory-for-creators-and-
European-democracy.
181
Bonnici (2019) and Wodecki (2019).
182
Heijmans (2019).
183
Ibid.
184
Grabham (2019).
185
https://www.ft.com/content/233528e2-4cce-11e9-8b7f-d49067e0f50d.
unless publishers tell “that’s they want”. Franck Riester, the French Minister of
Culture, described the Google’s statement as “not acceptable”, underlining the need
for a “global negotiation”. In addition, the tech-giant has been accused as “putting
itself above the law”, while French publishers dictate that their loss of revenues
in the online advertising market comes up to €320 million euros per year.186
Notwithstanding the controversies and the new battles to be given at national level,
this copyright overhaul consists of the “world-first legislation” that has recognized
the need to strike a fair balance between conflicting rights and interests in the digital
environment.187 For this reason alone, the 26th of March was a critical and historic
moment for the EU legislation and the Union as a whole.
References
Anderson P (2019) European Parliament votes in favor of controversial copyright directive. https://
publishingperspectives.com/2019/03/european-parliament-votes-in-favor-of-controversial-
copyright-directive/. Accessed 26 Mar 2019
Bailey J (2018) Breaking down the new EU copyright bill: Article 11. https://www.plagiarismto-
day.com/2018/06/26/breaking-down-the-new-eu-copyright-bill-article-11/
Bently L et al (2017) Strengthening the position of press publishers and authors and performers
in the Copyright Directive. Policy Department for Citizens’ Rights and Constitutional Affairs:
Directorate General for Internal Policies of the Union PE 596.810. http://www.europarl.europa.
eu/RegData/etudes/STUD/2017/596810/IPOL_STU(2017)596810_EN.pdf
Bonnici J (2019) ‘Sad day for internet freedom’ - controversial ‘meme killing’ EU copyright
directive gets final rubber stamp from legislators. https://lovinmalta.com/news/news-politics/
sad-day-for-internet-freedom-controversial-meme-killing-eu-copyright-directive-gets-final-
rubber-stamp-from-legislators. Accessed 27 Mar 2019
Cafolia A (2019) The EU just voted in a controversial, internet-changing law. https://www.dazed-
digital.com/science-tech/article/43824/1/european-parliament-vote-in-article-13-11-copy-
right-law-meme-ban. Accessed 27 Mar 2019
Caldaza J, Gil R (2018) What do news aggregators do? Evidence from Google News in Spain and
Germany. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2837553. Accessed 25 Mar
2019
Cooke C (2019) The record industry comments on the bloody Copyright Directive. https://com-
pletemusicupdate.com/article/the-record-industry-comments-on-the-bloody-copyright-direc-
tive/. Accessed 27 Mar 2019
Danbury R (2016) Is an EU publishers’ right a good idea?’ Evaluating potentiallegal responses
to threats to the production of news in a digital era, University of Cambridge Final report
on AHRC project: Evaluating potential legal responses to threats to the production of news
in a digital era. https://www.cipil.law.cam.ac.uk/sites/www.law.cam.ac.uk/files/images/www.
cipil.law.cam.ac.uk/documents/copyright_and_news/danbury_publishers_right_report.pdf.
Accessed 16 Feb 2019
186
Khan, M., Murgia, M., and Barker, A., “Google under fire over not paying for news content
in Europe”, https://www.ft.com/content/a451ffda-df87-11e9-9743-db5a370481bc; Kayali, L.,
“Google refuses to pay publishers in France”, https://www.politico.eu/article/licensing-agreements-
with-press-publishers-france-google/.
187
Cooke (2019).
Essers L (2014) German publishers capitulate and let Google post news snippets -- for now. https://
www.pcworld.com/article/2838252/german-publishers-capitulate-and-let-google-post-news-
snippets-for-now.html
Frosio G (2018) Reconciling copyright with cumulative creativity: the third paradigm. Edward
Elgar Publishing, Cheltenham
Grabham D (2019) What is Article 13? We explain the EU’s new copyright law. https://www.
pocket-lint.com/gadgets/news/147585-what-is-article-13-we-explain-the-eu-s-new-copyright-
law. Accessed 27 Mar 2019
Heijmans PJ (2019) Is European Parliament’s new copyright law an attack on free speech?
Accessed 27 Mar 2019
Hernández P (2014) Key aspects of the new reform of the Spanish Copyright Act.
http://copyrightblog.kluweriplaw.com/2014/11/10/key-aspects-of-the-new-reform-of-the-
spanish-copyright-act/
Hirche T (2015) GPTO rules on “tariff press publishers”. http://ancillarycopyright.eu/
news/2015-09-25/gpto-rules-tariff-press-publishers
Hoppner T (2018) EU copyright reform: the case for a publisher’s right. Intellectual Property
Quarterly 1/2018. Available via SSRN. https://ssrn.com/abstract=3081733
Hoppner T, Kretschmer M, Xalabarder R (2017) CREATe public lectures on the proposed EU right
for press publishers. Eur Intellect Prop Rev 39(10):607–622. Available via SSRN. https://ssrn.
com/abstract=3050575
Karapapa S (2018) The press publication right in the European Union: an overreaching proposal
and the future of news online. In: Bonadio E, Lucchi N (eds) Non-conventional copyright: do
new and non-traditional works deserve protection? Edward Elgar. Available via SSRN. https://
ssrn.com/abstract=3118457
Keller P (2015a) More evidence from Germany: ancillary copyright still not working. https://
www.communia-association.org/2015/10/19/more-evidence-from-germany-ancillary-
copyright-still-not-working/
Keller P (2015b) Research confirms: new Spanish ancillary copyright is actually good for no
one. https://www.communia-association.org/2015/09/09/research-confirms-new-spanish-
ancillary-copyright-is-actually-good-for-no-one/
Keller P (2016) EU commission: yes, we will create new ancillary copyright for news publish-
ers, but please stop calling it a “link tax”. https://www.communia-association.org/2016/08/25/
eu-commission-yes-will-create-new-ancillary-copyright-news-publishers-please-stop-calling-
link-tax/
Keslassy E (2018) European Parliament rejects copyright reforms. https://variety.com/2018/
digital/news/european-parliament-rejects-copyright-reforms-1202865640/
Kretschmer M, Dusollier S, Geiger C, Hugenholtz PB (2016) European Copyright Society: answer
to the EC Consultation on the role of publishers in the copyright value chain. https://european-
copyrightsocietydotorg.files.wordpress.com/2016/06/ecs-answer-to-ec-consultation-publish-
ers-role-june16.pdf. Accessed 2 Mar 2019
Kreutzer T (2011) German copyright policy 2011: introduction of a new neighbouring right for
press publishers? Comput Law Secur Rev (CLSR) 27:214–216
Kreutzer T (2016) How to solve the only specific problem of press publishers with copy-
right without an ancillary copyright. http://ancillarycopyright.eu/news/2016-11-23/
how-solve-only-specific-problem-press-publishers-copyright-without-ancillary-copyright
Lomas N (2018) MEPs vote to reopen copyright debate over ‘censorship’ controversy. https://
techcrunch.com/2018/07/05/european-meps-vote-to-reopen-copyright-debate-over-censor-
ship-controversy/?guccounter=1
Matulionyte R (2018) The right to published editions: historical lessons to be learned. https://ssrn.
Nikolinakos N, Papadopoulou MD, Moustaka EM (2019) Enforcement of intellectual property

rights in Greece. In: Petillion F (ed) Enforcement of intellectual property rights in the EU
Member States. Intersentia, Cambridge, p 523
Pakenham-Walsh R (2018) Draft Copyright Directive in state of flux as European Parliament
rejects controversial proposals. https://intellectualpropertyblog.fieldfisher.com/2018/draft-
copyright-directive-in-state-of-flux-as-european-parliament-rejects-controversial-proposals
Peukert A (2016) An EU related right for press publishers concerning digital uses. A legal analysis.
Research Paper No. 22/2016 of the Faculty of Law, Goethe University Frankfurt am Main.
https://www.eco.de/wp-content/blogs.dir/copyright_-legal-analysis.pdf
Pfanner E (2012) Germany trying to cut publishers in on web profits. https://www.nytimes.
com/2012/03/12/business/global/germany-trying-to-cut-publishers-in-on-web-profits.html
Plantada RX (2014) A bill to amend the Spanish IP law. http://copyright-
b l o g . k l u w e r i p l a w. c o m / 2 0 1 4 / 0 7 / 1 0 / a - b i l l - t o - a m e n d - t h e - s p a n i s h - i p - l a w / ? _
ga=2.113966087.1059966912.1535386652-1381027617.1524634272#goo
gle
Pomianowski J (2016) Toward an efficient licensing and rate-setting regime: reconstructing § 114
(i) of the copyright act. Yale Law J 125:7. Available via Digital Commons. https://digitalcom-
mons.law.yale.edu/cgi/viewcontent.cgi?referer=https://www.google.com/&httpsredir=1&artic
le=5753&context=ylj
Priora G (2018) News aggregation and the reform of EU copyright law. https://cmds.ceu.edu/
article/2018-07-03/news-aggregation-and-reform-eu-copyright-law#_ftn5
Rauer N (2017) CJEU to rule on press publishers’ neighbouring right. https://www.lime-
greenipnews.com/2017/05/cjeu-to-rule-on-press-publishers-neighbouring-right/. Accessed
Aug 2018
Rauer N, Shaw A, Thornton P (2018a) European Parliament votes to reject controversial Copyright
Directive proposal. https://www.limegreenipnews.com/2018/07/european-parliament-votes-
to-reject-controversial-copyright-directive-proposal/. Accessed 8 July 2018
Rauer N, Shaw A, Thornton P (2018b) DSM Watch: the new Copyright Directive – recent devel-
opments on the proposed Ancillary Right for Press Publishers. https://www.hlmediacomms.
com/2018/04/16/dsm-watch-the-new-copyright-directive-recent-developments-on-the-pro-
posed-ancillary-right-for-press-publishers/
Rosati E (2013) What happened after the German Lex Google? Google News became opt-in.
http://ipkitten.blogspot.com/2013/06/what-happened-after-german-lex-google.html
Rosati E (2014) What is the recent Spanish IP reform all about copyright-wise?. http://ipkitten.
blogspot.com/2014/11/what-is-recent-spanish-ip-reform-all.html
Rosati E (2017a) Is the German press publishers’ right lawful? More details on the CJEU refer-
ence. http://ipkitten.blogspot.com/2017/10/is-german-press-publishers-right-lawful.html/
Rosati E (2017b) Waiting for the approval of the EU Directive on copyright in the Digital Single
Market. http://ipkitten.blogspot.com/2017/09/waiting-for-approval-of-eu-directive-on.html
Rosati E (2018) Sleepwalking towards a perpetual (news?) publishers’ right in online publications.
http://ipkitten.blogspot.com/2018/05/sleepwalking-towards-perpetual-news.html
Rosati E (2019) BREAKING: Agreement on DSM Directive reached in trilogue. http://ipkitten.
blogspot.com/2019/02/breaking-agreement-on-dsm-directive.html. Accessed 13 Feb 2019
Schlosberg J (2017) Media ownership and agenda control: the hidden limits of the information
age. Routledge, p 60
Standeford D (2018) European Parliament rejects starting negotia-
tions on copyright reform proposal. http://www.ip-watch.org/2018/07/05/
european-parliament-rejects-starting-negotiations-copyright-reform-proposal/
Talke A (2017) The “Ancillary Right” for Press Publishers: the Present German and Spanish leg-
islation and the EU proposal. http://library.ifla.org/1849/1/119%20talke%20en.pdf. Accessed
20 Nov 2017
Temperton J, Reynolds M (2019) The European Parliament has voted in favour of Article 13.
https://www.wired.co.uk/article/eu-article-13-vote-article-17. Accessed 27 Mar 2019
Van Eechoud M (2017) Freedom of expression implications. In: A publisher’s intellectual property
right: implications for freedom of expression, authors and open content policies. Instituut voor
Informatierecht (IVIR). Available via OpenForum Europe (OFE). http://www.openforumeu-
rope.org/wp-content/uploads/2017/01/OFE-Academic-Paper-Implications-of-publishers-
right_FINAL.pdf
Van Eechoud M et al (2009) Harmonizing European copyright law: the challenges of better law-
making. Kluwer Law International
Van Gompel SJ (2017) Better regulation for copyright. The proposed publishers’ right in press
publications: an evidential mistake. https://www.ivir.nl/publicaties/download/Publishers-
right_SvG.pdf. Accessed 25 Aug 2018
Vidal ÁG (2014) Key points of the amendmentto the Spanish Intellectual Property Act effected by
Act 21/2014. https://www.ga-p.com/wp-content/uploads/2018/07/key-points-of-the-amend-
ment-to-the-spanish-intellectual-property-act-effected-by-act-21-2014.pdf. Accessed 15 Nov
2018
Vincent J (2019) Europe’s controversial overhaul of online copyright receives final approval.
https://www.theverge.com/2019/3/26/18280726/europe-copyright-directive. Accessed 27 Mar
2019
Vollmer T (2018) MEP Voss doubles down on worst elements of Article 11. https://www.commu-
nia-association.org/2018/03/29/mep-voss-doubles-worst-elements-article-11/
Whitmore NJ (2015) Extending copyright protection to combat free-riding by digital news aggre-
gators and online search engines. Cathol Univ J Law Technol 24(1)
Wodecki B (2019) EU Copyright Directive: a dark day for internet freedom? http://www.ippro-
magazine.com/ippromagazinenews/article.php?article_id=6603. Accessed 27 Mar 2019
Xalabarder R (2012) Spanish Supreme Court rules in favour of Google search engine and a flex-
ible reading of copyright statutes? JIPITEC 3:162, para 1. https://www.jipitec.eu/issues/jipi-
tec-3-2-2012/3445/xalabarder.pdf. Accessed 17 Nov 2018
Xalabarder R (2014) The remunerated statutory limitation for news aggregation and search
engines proposed by the Spanish Government – its compliance with International and EU Law.
http://in3-working-paper-series.uoc.edu/in3/en/index.php/in3-working-paper-series/article/
download/2379/2379-8583-1-PB.pdf. Accessed 12 Oct 2018
Chapter 6
Author’s Right to Choose: Right
of Divulgation in the Online Digital Single
Market of the EU
Branka Marušić
Abstract This chapter provides an analysis in the material scope of application of

the moral right of divulgation and the economic right of communication to the pub-
lic in the EU’s digital single market. The aim is to bring forward arguments why the
application of both rights should only be addressed through the protection afforded
by the economic right. The rationale behind this is that the right of divulgation, as a
moral right of the author, and the right of communication to the public, as an eco-
nomic right of the author, both share the same trigger point for their application.
This trigger point consists of the author’s choice in sharing her or his work with the
public, in which the author of the work also chooses the manner, shape and place
where this sharing will occur.
Unlike the economic right of communication to the public, which has been har-
monised in the EU, the right of divulgation, as a moral right is deeply rooted in the
national legislative and judicial interpretation of the Member States that recognise
this moral right of the authors. In line with this and for this chapter, analysis of the
material scope of the application of the right of divulgation is evaluated through the
monistic and dualistic approach to the regulation of copyright, and the jurisdictions
that are analysed are primarily France and Germany.
Against this background, the analysis in the chapter provides for overlapping
interpretational criteria of both rights that encompass an act of sharing, the defini-
tion of what the public is, and what the modes of dissemination of work are.
1 Introduction
The right of divulgation, as a moral right of the author, and the right of communica-
tion to the public, as an economic right of the author, both share the same trigger
point for their application. This trigger point consists of the author’s fundamental
choice of sharing her or his work with the world and public at large, in which the
B. Marušić (*)
Department of Law, Stockholm University, Stockholm, Sweden
e-mail: branka.marusic@juridicum.su.se

https://doi.org/10.1007/978-3-030-25579-4_6
138 B. Marušić
author of the work not only chooses to disclose her or his work but also the manner,
shape and place where this sharing will occur.
Unlike the right of communication to the public, which has been harmonised in
the European Union (EU), the right of divulgation, as a moral right is deeply rooted
in the national legislative and judicial interpretation of the Member States that rec-
ognise this moral right of the authors. In very general terms, the right of divulgation
in France entails making the work knowable to the public.1 In Germany, this right
entails that the work has been publicly disclosed if it has been made available to the
public with the consent of the right holder.2 The right of communication to the pub-
lic, as harmonised in the EU under the InfoSoc Directive,3 entails the right to autho-
rise or prohibit any communication to the public of works, by wire or wireless
means, including the making available to the public of works in such a way that
members of the public may access them from a place and at a time individually
chosen by them.
This chapter provides an insight to the material scope of the application of the
right of divulgation and the right of communication to the public to bring forward
arguments, why the application of both rights should only be addressed through the
protection afforded by the economic right. The rationale behind the above statement
is that since there exist fundamental connecting points in the material scope of
application and interpretation of these rights, the right of communication to the
public absorbs the right of divulgation, thus making the specific assessment of this
moral right redundant.
However, several qualifications need to be made. Firstly, the meaning of the
material scope of application refers to the extent of the subject matter of both rights
and the interpretation of their meaning by relevant courts. Secondly, in the EU, the
economic right of communication to the public has been harmonised, whereas the
right of divulgation as a moral right is defined by the national laws of the Member
States that recognise this right. Consequently, the interpretation of the right of com-
munication to the public is made by the Court of Justice of the European Union
(CJEU), whereas the interpretation of the right of divulgation is done by national
courts. Thirdly, since the material scope of the application of the right of divulgation
is contingent on the national framework provided for this right, the definition of
what this right entails is subject to change, depending on the jurisdiction in which
we observe it. It should be noted that no single term can, with clear precision, pro-
vide a holistic definition and meaning of this right, since it is interdependent on the
legal cultures and different theoretical postulates. Therefore, this chapter will
attempt to observe the concept of the right of divulgation through the jurisdictions
that have embraced the monistic and dualistic approach to regulation of copyright to
define some common ground for the material scope of application of this right.
1
See Adeney (2006), pp. 192–193.
2
See Dietz and Peukert (2016) in Davies and Garnett (2016), pp. 472–473.
3
6 Author’s Right to Choose: Right of Divulgation in the Online Digital Single Market… 139
Lastly, although the right of divulgation, as interpreted by national law, can also be
viewed through the prism of other economic rights, such as the right of distribution
or the right of reproduction, this chapter will concentrate on the right of communi-
cation to the public, since the connecting points of the material scope of the applica-
tion are closely intertwined and the interpretation of these rights both on the EU
level and national level have significant overlaps.
Against this background, two issues pertaining to the right of divulgation, as a
moral right and the right to communicate the work to the public, as an economic
right need to be delineated. The right of divulgation is a specific moral right which
is not harmonised either on an international level or on the EU wide level.4 This
right was specifically excluded from the remit of Article 6bis of the Berne
Convention5 during the Rome Revision Conference6 where it was stated that this
right involved balancing of the authors interest against the interest of the person to
whom economic rights were transferred, often the publisher, and might lead to a
conflict between the two. Therefore, these questions were outside of the Berne
Convention. It was noted by some academics that the exclusion of this right from
the remit of the Berne Convention was done because of the practical impossibility
of finding a workable definition that would be generally accepted.7 The effect of the
exclusion of this right on an international level early on, resulted in other interna-
tional treaties that refer to the Berne Convention and establish moral rights for
related rights, such as the WCT,8 and WPPT9 to exclude this right from their scope
of application. Furthermore, two additional issues need to be highlighted here, the
first being that on the level of World Trade Organization (‘WTO’) moral rights are
excluded from the scope of protection by virtue of Article 9 of the TRIPs Agreement,10
and the second being that moral rights are not harmonised on the EU level by virtue
of their exclusion from the harmonisation by the EU legislator.11 This in turn results
4
See Adeney (2006), pp. 115–159 and Davies and Garnett (2016), pp. 41–78.
5
Berne Convention for the Protection of Literary and Artistic Works (Paris Act of 24 July 1971 as
amended on 28 September 1979) (Berne Convention).
6
Actes de la Conférence réunie à Rome du 7 mai au 2 juin 1928 (Berne: Bureau de l’Union inter-
national pour la protection des œuvres littéraires et artistiques, 1929) (Rome Actes), p. 202.
7
See Strömholm (1967), p. 86.
8
World Intellectual Property Office Copyright Treaty, adopted on Dec. 20, 1996, WIPO, Doc.
CRNRIDC/94 (WCT).
9
WIPO Performances and Phonograms Treaty, adopted on Dec. 20, 1996, S. Treaty Doc. No. 105-
17, 36 ILM 76 (1997) (WPPT).
10
Agreement on Trade-Related Aspects of Intellectual Property Rights, adopted on Apr. 15, 1994,
Marrakesh Agreement Establishing the World Trade Organization, Annex 1C, The Legal Texts:
The Results of the Uruguay Round of Multilateral Trade Negotiations 320 (1999), 1869 U.N.T.S.
299, 33 I.L.M. 1197 (1994).
11
See SEC (2004) 995 of 17 July 2004, Commission Staff Working Paper on the review of the EC
legal framework in the field of copyright and related rights, par. 3.5; InfoSoc Directive, Rec. 19;
protection of databases, OJ L 77 (Database Directive), Rec. 28; Directive 2011/77/EU of the
European Parliament and of the Council of 27 September 2011 amending Directive 2006/116/EC
on the term of protection of copyright and certain related rights, OJ L 265 (Term Directive), Rec.
21 and Art. 9.
140 B. Marušić
to the fact that the right of divulgation is regulated on a national level of Member
States of the EU. However, for this chapter, analysis of the material scope of the
application of the right of divulgation will be evaluated through the monistic and
dualistic approach to the regulation of copyright. For illustrative purposes, jurisdic-
tions that will be analysed are primarily France and Germany. The choice of these
two jurisdictions seems apt in the evaluation of coexistence of this right with the EU
wide harmonised right of communication to the public since they demonstrate the
two circles of influence in Europe in addressing the meaning and scope of the right
of divulgation. France represents the circle of influence with a dualistic approach to
copyright, which made its way to the enactment of Article 6bis of the Berne
Convention.12 This dualistic approach views protection of moral rights indepen-
dently of economic rights, and as such they can be exploited independently of each
other.13 Germany represents the circle of influence with a monistic approach to
copyright, which considers both moral and economic rights as inseparable from
each other. This interdependence of the two is visible through the fact that exclusive
economic rights are viewed as serving the authors personal and intellectual interests
and, at the same time, personal moral rights serve her or his economic interest.14
The second delineation concerning the right of communication to the public
focuses on the harmonised rule made on the EU level that would cater to an exclu-
sive economic right of the right holder tailored for the online digital single market.
Similarly, to the right of divulgation, the right of communication to the public con-
cerns itself with the initial choice of the author to either share the work with the
public or keep the work for herself or himself. The legal concept of the economic
right of communication to the public, including making the work available to the
public was introduced in the EU legal framework with the implementation of the
InfoSoc Directive, which in turn implemented for the territory of the EU the WCT
and TRIPs Agreement. The difference between making available to the public and
communication to the public is that the right of making available, firstly introduced
in Article 8 of the WCT, was to supplement the provisions of the Berne Convention
concerning communication to the public. This is done by conferring an exclusive
right of communication to the public for authors of all kinds of works, in so far as
that right is not already conferred by the Berne Convention.15 Furthermore, the
CJEU in its interpretation of making the work available to the public, stated that the
concept of ‘making available to the public’, forms part of the wider ‘communication
to the public’.16 This right, therefore, confers a right to authorise ‘any communica-
tion to the public of works, by wire or wireless means’ and is more suited for the
online digital market.
12
See Ulmer (1960), p. 101.
13
See Lucas et al. (2012).
14
See Davies and Garnett (2016), p. 24.
15
See Reinbothe and Von Lewinski (2002), pp. 105–107 and Ficsor (2002), pp. 494–495.
16
CJEU, C More Entertainment AB v Linus Sandberg, Case C-279/13, Judgment of 26 March
2015, par. 24.
To exemplify the difference, it could be stated that the regulative framework of

the right of communication to the public was designed for ‘linear’ communication.
The mechanisms of that communication model rest on the fact that the signal is
‘pushed’ to the recipient who can only receive it (or not) at the time it is communi-
cated. In that model, it is relatively easy to determine when the communication took
place, from whom it originates and who are its recipients. This is also the traditional
model according to which radio and television broadcasting operate. With the
advent of new technologies, specifically the arrival of television on demand (‘video
on demand’) and then the internet, a new manner of communication appeared,
whereby the content of the communication is merely made available to potential
users, who can receive it when and where they wish to. The mechanisms of that
communication model, rests on the fact that only when the user decides to receive
the content the signal is actually communicated to him or her (‘pulled by the
recipient’).17
These two delineations put forward the fact that in certain jurisdictions in the
EU, there exist two sets of rights that have similar triggers to their application. Both
the economic right to communicate one’s work to the public, and the moral right of
divulgation have as an underlying presumption the author’s fundamental choice of
sharing the work with the public, and as previously mentioned, the author of the
work may choose to disclose her/his work and also the manner, shape and place
where this sharing will occur.
The setting chosen for the analysis of the intertwined modalities of these rights
is the online digital single market of the EU in the light of the new development of
case law of the CJEU. More specifically, in the recent case of GS Media,18 the CJEU
ventured into the assessment of how to define parameters of the right of communi-
cation to the public, against a factual setting where photographs have been shared
via a link that directed a user to an online storage platform. What was interesting
about this case is that these photographs were shared before their disclosure to the
general public in the Playboy magazine. Although the CJEU could only discuss the
economic right pertained in the case, the question remains how would the assess-
ment of the moral right of divulgation be made under the monistic and dualistic
jurisdictions that have the right of divulgation in their respective legislation.
This chapter is divided into three parts. The first part discusses the dualistic and
the monistic approach to regulating copyright and how does that legal framework
intertwine with the application of both the moral right and the economic right (Sect.
2). The second part discusses the peculiarities of the harmonised right of communi-
cation to the public, including making the work available to the public in the EU
(Sect. 3). The third part discusses the conclusions on the coexistence of these rights
in the EU’s digital market (Sect. 4).
17
Opinion of Advocate General Maciej Szpunar in Stichting Brein, C 610/15, Opinion of 8
February 2017, paras. 32–33; See also Von Lewinski and Walter (2010), pp. 973–980.
18
CJEU, GS Media BV v Sanoma Media Netherlands BV and Others, Case C 160/15, Judgment of
8 September 2016.
142 B. Marušić
2 D
ualistic and Monistic Approaches in Regulation
of Copyright
The simple idea of copyright is to protect the creations of a human mind. This pro-
tection can be either viewed through the natural rights theory under which the author
should be protected because he or she deserves it,19 or through the reward theory20
that states that the author should be rewarded, and it is good public policy to protect
authors’ creations.
The author’s creations, expressed through artistic and literary works represent
the manifestation of the author’s mind to the public. It is both the demonstration of
work and discipline that goes into shaping one’s mind, and an invitation to the inti-
mate inner sphere of the author’s perception of the world. In legal protection of
copyright, in general, these two aspects are protected through economic and moral
rights afforded to the author. The purpose of economic rights is to safeguard the
labour and discipline that is used to create a work and incentivise him or her to con-
tinue in artistic endeavours. The invitation to the intimate inner sphere of the
authors’ mind is protected by moral rights, which in the most general sense as
understood in copyright law, are a specific legal device that allow certain creators of
works to control the treatment and presentation of their work to others.21 In their
very core, they are used as a safeguard of non-economic interests that arise in the
creative industries.
In regulating copyright, the approach on how to view the application of these two
rights can be roughly placed into two doctrinal settings. The first one is the dualistic
approach, in which in general, the moral rights and economic rights are governed by
separate legal regimes. Here, the moral rights are seen as a manifestation of person-
ality rights, whereas the economic rights are seen as a type of property rights. For
illustrative purposes, the analysis of the dualistic approach to regulating copyright
and with it the right of divulgation, as a moral right, and the right of communication
to the public, will be primarily focused on the French model. However, this will be
supplemented by other solutions from other dualistic models, such as Belgian,
Italian and Greek models. It should be noted here, that there is a visible trend in
Europe, that dualistic approaches to copyright tend to merge the right of divulga-
tion, as a moral right to the economic right of communication to the public. This has
been done for example by the Nordic countries (Sweden, Denmark, Norway,
Iceland, Finland),22 the Netherlands23 and the United Kingdom.24
19
See Locke (1689/1988), vol. 2, chapter 5, Hughes (1988), p. 287, Yen (1990), p. 517 Gordon
(1993), p. 1533.
20
See Landes and Posner (1989), p. 325, Gordon (1989), p. 1343.
21
See Adeney (2006), p. 1.
22
See Axhamn (2016), pp. 608–612.
23
See Grosheide (2016), pp. 586–588.
24
See Davies and Garnett (2016), p. 83.
The second approach to regulating copyright is the monistic approach in which

both economic and moral rights are seen as a part of the same legal regime and are
not separated as such. They are also not, in general, part of the property concept.25
From a theoretical point of view, they are considered to be an emanation of the per-
sonality of the author, and in line with that copyright is viewed to be of a mixed
nature. Accordingly, monistic theorists attribute equal importance both to the per-
sonality of authors and economic aspects of copyright, and see copyright protection
rather as a right sui generis, neither purely personal nor purely economic right.26 For
illustrative purposes, the analysis of the monistic approach to regulating copyright
will be primarily focused on the German model. However, solutions from Austria
and Hungary will also be presented.
It should be highlighted that there exist jurisdictions in Europe, which also rec-
ognise the right of divulgation, such as Spain, Portugal, Czech Republic, Slovakia
and Luxembourg. However, these jurisdictions have a mixed monistic and dualistic
approach to copyright regulation, and, therefore, will not be analysed. The mixture
of both models in their respective regulative frameworks occurred either by these
jurisdictions starting in monistic model, and then adopting solutions from the dual-
istic model, such as Czech Republic and Slovakia,27 or starting in the dualistic
model and then adopting solutions from the monistic model such as Luxembourg.28
Additionally, Spain and Portugal mix of the two models derives from their constitu-
tional setting in regulation of copyright.29 In line with this, the conceptual shift in
observing copyright, as well as constitutional traditions of these jurisdictions, do
not provide for a clear delineation that could be used as a ground for comparisons
of modalities how the right of divulgation developed through time.
Against this background, the dualistic and the monistic approach to regulating
the right of divulgation will be presented in line with the coexisting economic right
made on the EU level. The analysis of the dualistic and the monistic approaches to
the right of divulgation will concentrate on three issues, the first issue is what this
right entails, the second issue is the exhaustion of this right, and the third issue is the
possible conflicts that might occur when we have a factual situation in which both
rights can be employed.
25
See Schricker (2017), p. 4.
26
See for discussions Adeney (2006), pp. 221–224, Allfeld (1902), p. 113, Ulmer (1980),
pp. 147–148.
27
Leška and Štechova (2016), pp. 373–375.
28
See Bungeroth (1977), p. 4.
29
See Akester (2016), pp. 637–639 and Buganza (2016), pp. 657–659.
144 B. Marušić
2.1 Dualistic Approach
As previously stated, the analysis of the dualistic approach to regulating the right of
divulgation will primarily focus on the French model. This is so since France is
oftentimes referred to as the modern-day birth place of moral rights.30 Without
going into a deeper analysis of the reasons for the existence of moral rights and their
exercise by the French courts, few general introductory lines will be made. The path
of recognition of moral rights in France was said to be made by the courts, rather
than the legislation. As early as 1814, a judgement was made on the protection of
moral rights by the Civil Tribunal of the Seine,31 and the first judgment concerning
the right of divulgation was made by the Court of Appeal of Paris in 1828.32
As stated above, the theory of authors’ rights in France is generally considered to
be dualistic in nature, which in turn means that the moral rights and economic rights
are governed by separate legal regimes.33 The economic rights are seen as a type of
property rights, while the moral rights are seen as belonging to personal rights.34 By
this, moral rights are considered a flexible tool by which the courts enforce these
rights considering the type of work, the level of originality, number of authors
involved, while having in mind the economic and other interests that might come
into play.35 Since the duality of copyright protection, the moral rights are seen as
perpetual, inalienable and imprescriptible in their nature. When it comes to the right
of divulgation, some authors argue that although not strictly prescribed to be per-
petual by legislation, the right still retains that quality,36 since the idea is that the
author can divulge its work whenever he wants to. This view is quite peculiar for
France and Italy, whereas other dualistic models have a more moderate view on
moral rights, such as providing same term of duration for both economic and moral
rights (not making them perpetual).37 Regarding the inalienability of the right, this
right cannot be transferred to others, and regarding the imprescriptible aspect (i.e.
that the right cannot lapse or be lost to non-use), this was viewed to be a general
nature of moral rights.38 As indicated before, the right of divulgation is only ascribed
to the author, and not the right holder of neighbouring and related rights.
The right of divulgation found in Article L. 121-2 of the CPI39 entails making the
work knowable to the public. On the other hand, the Greek model is more specific
30
See Strömholm (2002), pp. 224–225, Davies and Garnett (2016), p. 4.
31
Tri. Civ. Seine, Billecocq v Glendaz (1814).
32
CA Paris, Affaire Vergne (1828).
33
See Adeney (2006), p. 170.
34
See Caron (1998), pp. 121–122.
35
See Frabboni (2016a), p. 417.
36
See Caron (1998), p. 84.
37
For example, Belgium, Greece, Netherlands, Nordic countries.
38
See Adeney (2006), p. 169.
39
Code de la propriété intellectuelle (2018) https://www.legifrance.gouv.fr/affichCode.do?cidText
e=LEGITEXT000006069414. (CPI).
in stating that the right of divulgation entails the right to decide on the time, place
and manner in which the work will be accessible to the public.40 The Italian model
does not seem to have a statutory definition of the right of divulgation, and this right
is more merged with the economic right to publish one’s work. Yet courts had rec-
ognised it for heirs to oppose unauthorised publications of unpublished works.41
As was stated in one of the first French judgments about the right of divulgation,
the nature of this right lies in the fact that the ‘author remains the judge of the oppor-
tunity of publication of her or his work’.42 In its nature, this right is a positive right,
meaning that it allows the author to do more than simply react against the unauthor-
ised acts of others. The authors, and their heirs, are also entitled to choose when,
where and under what circumstances the work should be made public, and the
author may refuse to make the work public. However, this is not an authorial right
to force publication.43 These characteristics are also mirrored in the Belgian
model.44
On the exhaustion of the right of divulgation, in France and Belgium,45 it is con-
sidered that the right of divulgation is a right of first divulgation. Once the author
has exercised the right and divulgation took place, the right has been exhausted.
However, the right will not be exhausted if the work was divulged without the
author’s consent. It should be noted that there are different opinions whether the
exercise of this right or the act of divulgation takes place; at the point when the
author decides to divulge or at the point of physical divulging (presuming the inten-
tion to divulge is present).46 To add to the complexity, there is a discussion whether
a new type of disclosure is a first disclosure. Some commentaries, as well as courts,
were inclined to rule that divulging in a different form or medium or context will be
a new disclosure for purposes of protection.47 In the Belgian model, the new type or
a form of divulgating (such as a different medium) requires the author’s authorisa-
tion.48 However, if the work was divulged online, then changing the provider through
which the work has been divulged (for example Google News uses clips from news-
paper articles), is not considered a new medium, since the divulgation occurs on the
Internet.49 This outlook is quite similar to the reasoning of the CJEU in its interpre-
tation of the application of economic right on the Internet.50 In the Greek model, the
40
See Stamatoudi (2016), p. 499 and the footnotes contained therein.
41
See Frabboni (2016b), pp. 554–555.
42
CA Lyon, Lacordaire v Marle (1845).
43
See Adeney (2006), pp. 192–193.
44
See Torremans (2016), p. 360.
45
See Adeney (2006), pp. 192–193, Torremans (2016), p. 360.
46
See Adeney (2006), p. 194.
47
Ibid.
48
See Lips et al. (1998), p. 107.
49
See Torremans (2016), p. 360 and the footnotes contained therein.
50
See CJEU, Nils Svensson and Others v Retriever Sverige AB,Case C 466/12, Judgment of 13
February 2014, paras. 25-27; CJEU, BestWater International GmbH v Michael Mebes and Stefan
Potsch, C 348/13, Order of 21 October 2014, par. 16.
146 B. Marušić
right of divulgation requires a new authorisation for every new type or a form of
divulgating.51
The Greek model also entails the notion of a public, which is to be understood as
encompassing any circle of persons larger than the narrow circle of family and
friends.52 What is interesting here is the fact that here we do not assess whether the
act of divulging was made public, but also the possibility of divulging the work.53 In
practice, this means that the assessment in the infringement of this right would not
only focus on the actual act of divulging, but also whether access is being made to
the work, meaning that the fact whether recipients avail themselves to the possibil-
ity of consuming the work is irrelevant. Both these criteria closely resemble the
criteria used to assess the right of communication to the public put forward by the
CJEU. Regarding the public, the CJEU stated that the underlying idea is the public’s
ability to receive the copyrighted work, and not the mere consumption of the work
itself,54 meaning that we need to address the possibility of the consumption.
Regarding the size of the public, the CJEU used the formula of an indeterminate
number of potential viewers,55 which implies a fairly large number of persons.
Two conclusions come to forefront. The first is that the right of divulgation,
because of the dualistic nature of copyright protection, will coexist at the same time
as the right of communication to the public. The second is that there are two con-
necting points of these rights. The first connecting point is the prerequisite to have
obtained the consent of the author to disclose the work to the public, and the second
is the manner in which the work is disclosed to the public.
Unlike communication to the public, the right of divulgation is an exhaustible
right, meaning that once the work is divulged, the author cannot claim protection.
However, unlike the communication to the public, this right is perpetual in its nature
(in France and Italy) and non-alienable. This means that even if the economic right
has been transferred, the moral right could be used to prevent the disclosure of the
work. This is even more so considering that different forms of disclosure (different
mediums or infrastructures) can be viewed as a new type of disclosures. In the
Belgium model, even if the author disclosed the work, the editor cannot exploit the
51
See Stamatoudi (2016), pp. 497–498 and the footnotes contained therein.
52
See Stamatoudi (2016), p. 498, Court of First Instance, Athens, Decision No. 24610/2004,
Private Law Annals (2006), p. 929, Court of First Instance, Athens, Decision No. 20669/1998,
Commercial Law Review (1999), p. 153.
53
See Stamatoudi (2016), pp. 497–498 and the footnotes contained therein.
54
CJEU, Lagardère Active Broadcast v Société pour la perception de la rémunération équitable
(SPRE) and Gesellschaft zur Verwertung von Leistungsschutzrechten mbH (GVL),Case C 192/04,
Judgment of 14 July 2005, par. 30.
55
See CJEU, Mediakabel BV v Commissariaat voor de Media, Case C 89/04, Judgment of 2 June
2005, par. 30; CJEU, Lagardère Active Broadcast v Société pour la perception de la rémunération
équitable (SPRE) and Gesellschaft zur Verwertung von Leistungsschutzrechten mbH (GVL),Case
C 192/04, Judgment of 14 July 2005, par. 31; CJEU, Sociedad General de Autores y Editores de
España (SGAE) v Rafael Hoteles SA, Case C 306/05, Judgment of 7 December 2006, par. 37.
work without an agreement on the exploitation (contract of alienation of rights),56

which makes this right a preventive tool for the author to block dissemination.
2.2 Monistic Approach
The focus of the analysis of the monistic approach will be on the German model.
The monistic approach signifies that both economic and moral rights are considered
essential part of the subject matter of copyright as a whole. This in turn creates a
situation where these rights are time barred, just as the EU harmonised economic
right, and leads to the fact that although the right of divulgation is only ascribed to
the author (and not to the right holders of neighbouring and related rights) and is
inalienable, it can be exercised, in line with the authors interest and expressly autho-
rised by the author, on her or his behalf or even in her or his name when there has
been an infringement, for example by contractual partners of the author such as
publishers.57 However, unlike the French model, the right of divulgation might be
exercised expressly or by implication. The exercise by implication is quite impor-
tant here, since it will practically always be implied by the transfer of economic
rights to another party, if the exploitation of those economic rights necessary entail
the divulging of work.58
The main question is what does the right of divulgation entails in Germany.
Firstly, it should be mentioned that the German Bundesgerichtshof has described
this right to be in its nature an authorial right which is also commercial.59 Therefore,
it recognised the monistic approach of intertwining of economic and moral aspects
of copyright. In general, the right of divulgation states that the work has been pub-
licly disclosed if it is made available to the public with the consent of the right
holder.60 In essence, the broader the definition of a public to which the work is
divulged, the more limited the authorial rights are and the sooner they can be
exhausted. It has been an issue of disagreement what public disclosure is. In the
view of some commentaries,61 the term public entails when it is intended for a plu-
rality of persons, no matter whether the group of persons is limited in some particu-
lar way and whether they are bound together through mutual relationship to the
person carrying the act of divulgation. The dominant opinion62 is, however, that the
work is publicly disclosed if it is made available to everyone without a limitation.
This means that if a group of persons have a personal connection to each other, they
56
See Torremans (2016), pp. 364–365.
57
See Dietz and Peukert (2016), pp. 462–463; Adeney (2006), pp. 230–231 and 269.
58
See Adeney (2006), p. 235.
59
BGH [1955] GRUR 201, Cosima Wagner.
60
See Dietz and Peukert (2016), pp. 472–473.
61
See Nicolini and Ahlberg (2018), p. 252.
62
See Dietz and Peukert (2017), p. 262.
148 B. Marušić
would not constitute a public in the relevant sense.63 This view resembles closely the
definition of the public made by the CJEU in the line of cases pertaining to the eco-
nomic right of communication to the public, where the CJEU stated that public
consists of an indeterminate number of potential viewers,64 which implies a fairly
large number of persons in general, that is not restricted to specific individuals
belonging to a private group. However, some authors claim that the public may be
represented by one person (such as a publisher), provided that he or she is not con-
nected by personal relationship with the author.65 Furthermore, the right of disclo-
sure also gives the author the permission to control the disclosure of her or his work
to third parties, within a clearly defined group, until the time the author releases it
to the open public.66 This is not problematic in the Hungarian model, which views
the term public quite narrow and almost equalises it with the act of divulgation
itself. In the Hungarian model, even one person, e.g. a licensed user, can be regarded
as a public, if the work came to her or him into a lawful possession.67
The Austrian model, similarly to the Greek model, uses more precise terms and
defines the right of divulgation as the authors exclusive right to decide whether, by
whom and how her or his work will be made accessible to the public.68 However,
this right is not explicitly stated in the statutory provisions, but it forms a part of
rights of utilisation, which essentially means that the author through the authorisa-
tion of communication, consumes the divulgation right.69
Similarly to the French, Belgian and Greek model, the question also arises what
forms of disclosure need to be made for the right of divulgation to apply. Here, the
possible forms of acts of divulging can be practically unlimited. In the online arena,
it has been advanced that the act of divulging takes place if a file is uploaded onto a
server and thereby made available on the Internet. This is also true for placing mate-
rial on a website or posting it to a newsgroup.70
As in the French model, on the exhaustion of the right of divulgation, it is con-
sidered that the right of divulgation is a right of first divulgation. However, the ques-
tion still remains, what does the term first divulgation include. There are two
differing opinions on this. The first opinion71 is that the right of divulgation is
exhausted by first disclosure, as long as the act of divulging has been made with the
author’s consent, and it is a decision which can be only made once. The second
opinion72 is more in line with the EU harmonised economic right of communication
to the public, which states that the right of divulgation covers any occasion that the
63
See Adeney (2006), p. 233 and the footnotes contained therein.
64
See Mediakabel BV v Commissariaat voor de Media, par. 30.
65
See Dietz and Peukert (2016), pp. 472–473.
66
Ibid, p. 473 and the footnotes contained therein.
67
See Faludi (2016), p. 528 and the footnotes contained therein.
68
See Kucsko (1995), p. 43.
69
See Dittrich and Kucsko (1981), p. 20.
70
See Adeney (2006), p. 233 and the footnotes contained therein.
71
See Müsse (1999), p. 104.
72
work is released in the public sphere. A more moderate view, and more in line with
the French view, concentrates on the medium or the form of divulging, i.e. if a work
has been divulged through printed book, the right is still not exhausted for divulging
the work through a film. In this sense, the first divulgation means the divulgation for
a specific purpose. Unlike the French model, there is no bone of contention whether
divulging occurs with the consent of the author to divulge or the act itself; the act of
divulging exhausts the right.73
From the above mentioned, two conclusions come to forefront. The first is that in
defining whether the right of divulgation occurs, similar to the right of communica-
tion to the public, one needs to define what does the concept of the public entail.
Secondly, similar to the French model, the right of divulgation will coexist with the
right of communication to the public. However, unlike the French model, the pos-
sible employment of the consent of the author for every time the work is divulged
can create parallel authorisation schemes. The auto corrective measure for this
would be that the consent for the exercise of the right of divulgation is practically
always implied by the transfer of economic rights to another party, if the exploita-
tion of those economic rights necessary entail the divulging of the work (both in
German model and the Austrian model).
3 C
ommunication to the Public: Contours of a Harmonised
Economic Right
In addressing the contours of the right of communication to the public, three issues
need to be highlighted. The first issue is that the concept of communication to the
public on the EU wide level was harmonised as a part of incorporation of interna-
tional obligations deriving from international agreements to which either the EU or
its Member States were a party to. There are five international agreements that are
most relevant in the inception of this concept, and these are the Berne Convention,74
the WCT,75 the Rome Convention,76 the WPPT77 and the TRIPs78 Agreement. The
subject matter of these agreements revolves around copyright protection in the
73
See Adeney (2006), pp. 234–235 and the footnotes contained therein.
74
75
CRNRIDC/94 (WCT).
76
1961 Rome Convention for the Protection of Performers, Producers of Phonograms and
Broadcasting Organizations [1992] ATS 29 / 496 UNTS 43 (Rome Convention).
77
WIPO Performances and Phonograms Treaty, adopted on Dec. 20, 1996, S. Treaty Doc. No. 105-
17, 36 ILM 76 (1997) (WPPT).
78
299, 33 I.L.M. 1197 (1994).
150 B. Marušić
broad sense and copyright protection in the narrow sense. This differentiation
already points to the dispersion of the concept of communication to the public. This
is not only in terms of the fact that it is placed in different legislative instruments but
also that it has variable material scope depending on the type of work which is
attached to (authorial or entrepreneurial) or the beneficiary of this right (author or
for example a performing artist). This dispersion of the concept was mirrored in the
harmonising efforts in the EU.
By way of clarification, copyright protection in a narrow sense provides to the
author protection for her or his economic and moral rights, and is embodied in the
Berne Convention and WCT. Copyright protection ascribed to so-called copyright
neighbouring and related rights does not encompass the full scope of copyright
protection afforded to original works, but a limited one. The neighbouring and
related rights protect rights of performing artists, economic investments of phono-
gram, as well as broadcasting organisations. Together with the copyright protection
in the narrow sense, this type of protection forms copyright in a broad sense.79 On
the international level, this copyright protection is embodied in the Rome Convention
and WPPT. The TRIPs Agreement is an overarching international agreement, that—
in a general manner—encompasses and references some of the above mentioned
international agreements. The directives that implement the concept of communica-
tion to the public, deriving from the aforementioned international agreements are
the SatCab Directive,80 the Rental and Lending Rights Directive,81 and the InfoSoc
Directive. Generally speaking, the SatCab Directive and the Rental and Lending
Rights Directive implement the obligations deriving from the international agree-
ments that have as their subject matter neighbouring or related rights, whereas the
InfoSoc Directive covers both types of copyright. Since the right of divulgation in
France and Germany is only ascribed to the author and the beneficiaries of the
neighbouring and related rights are excluded from exercising this right, the contours
of the economic rights of communication to the public, will be addressed through
its enactment in the InfoSoc Directive.
The second issue pertains to the fact that the InfoSoc Directive introduces the
concept of communication to the public, including making the work available to the
public for both copyright in the narrow and broad sense. However, when it comes to
assessing this concept through the body of harmonising measures made on the EU
level, three generalities need to be noted. The first is the fact that this concept has an
autonomous and uniform interpretation throughout the EU, to be uniformly
applied.82 Secondly, that in the light of a requirement of unity of the EU legal order
79
See Kur and Dreier (2013), p. 241.
80
Council Directive 93/83/EEC of 27 September 1993 on the coordination of certain rules concern-
ing copyright and rights related to copyright applicable to satellite broadcasting and cable retrans-
mission, OJ L 248 (SatCab Directive).
81
Directive 2006/115/EC of the European Parliament and of the Council of 12 December 2006 on
rental right and lending right and on certain rights related to copyright in the field of intellectual
property (codified version), OJ L 376 (Rental and Lending Rights Directive).
82
CJEU, Sociedad General de Autores y Editores de España (SGAE) v Rafael Hoteles SA, Case C
306/05, Judgment of 7 December 2006, par. 31.
and its coherence, this concept used by the body of directives that harmonise the
field of copyright must have the same meaning,83 unless the EU legislature has, in a
specific legislative context, expressed a different intention.84 This expressed differ-
ent intentions can be visible in the different material scope of rights that is pertained
to communication to the public for the copyright in the narrow and broader sense
under the EU harmonisation directives. For example, broadcasters (right holders of
a neighbouring or related right) right of communication to the public under the
Rental and Lending Directive is triggered with the commercial exploitation of their
work, against a payment of an entrance fee, whereas authors—right holders in a
narrow sense—right of communication to the public under the InfoSoc Directive is
not conditioned with the commercial exploitation. Lastly, this concept needs to be
interpreted broadly,85 as referring to any transmission of the protected works, irre-
spective of the technical means or process used86 and, as far as possible, interpreted
in accordance with international law,87 in such a way that it is compatible with inter-
national agreements, considering the context in which those concepts are found and
the purpose of the relevant provisions of the international agreements.88
Generally speaking, the parameters of communication to the public can be
delimited under four criteria. The first two need to be cumulatively met, and these
are an ‘act of communication’ which is directed to a ‘public’. Other two are comple-
mentary and interdependent and they concentrate on evaluation of a ‘new public’ or
‘the profit-making nature’ of the act of communication itself. In this sense, the
CJEU discusses the need for an individual assessment of the concept of
communication to the public to make an assessment on a case-by case-analysis.89
83
See CJEU, Airfield NV and Canal Digitaal BV v Belgische Vereniging van Auteurs, Componisten
en Uitgevers CVBA (Sabam) (C 431/09) and Airfield NV v Agicoa Belgium BVBA (C 432/09),
Joined cases C 431/09 and C 432/09, Judgment of 13 October 2011, par.44; CJEU, Reha Training
Gesellschaft für Sport- und Unfallrehabilitation mbH v Gesellschaft für musikalische Aufführungs-
und mechanische Vervielfältigungsrechte eV (GEMA), Case C 117/15, Judgment of 31 May 2016,
paras. 23–34; CJEU, GS Media BV v Sanoma Media Netherlands BV and Others, Case C 160/15,
Judgment of 8 September 2016, paras 32–34.
84
See CJEU, Football Association Premier League Ltd and Others v QC Leisure and Others (C
403/08) and Karen Murphy v Media Protection Services Ltd (C 429/08), Joined cases C 403/08
and C 429/08, Judgment of 4 October 2011, paras. 187-18; CJEU, Verwertungsgesellschaft
Rundfunk GmbH v Hettegger Hotel Edelweiss GmbH, Case C 641/15, Judgment of 16 February
2017, paras. 16–20.
85
See CJEU, Sociedad General de Autores y Editores de España (SGAE) v Rafael Hoteles SA, Case
C 306/05, Judgment of 7 December 2006, par. 36; CJEU, Football Association Premier League Ltd
and Others v QC Leisure and Others (C 403/08) and Karen Murphy v Media Protection Services
Ltd (C 429/08), Joined cases C 403/08 and C 429/08, Judgment of 4 October 2011, par. 186.
86
429/08, Judgment of 4 October 2011, par. 193.
87
Ibid, par 189.
88
CJEU, Società Consortile Fonografici (SCF) v Marco Del Corso, Case C 135/10, Judgment of 15
March 2012, paras. 51–55.
89
See Quintais (2018), p. 4.
152 B. Marušić
This chapter will not go into analysis of what exactly each of these criteria mean,
and how were they interpreted by the CJEU. Instead, what this chapter will concen-
trate on is an evaluative lens through which the CJEU observes this economic right.
This economic right, in the CJEU’s interpretation is viewed through the author’s
consent to communicate the work to the public. Similarly, to the national interpreta-
tions of the right of divulgation, it presumes that the author consented or wanted her
or his work to be shared with the public. In the event that the consent is absent, this
economic right is breached.
The concept of consent can be analysed in two levels. First, when there is an act
of communication and secondly when there is a need to assess whether this act is
directed to a new public. When it comes to an act of communication, the indispens-
able role of the person facilitating the possibility of access of the recipient is assessed
through a knowledge based criterion. This knowledge based criterion is connected
to the degree of insight of the person on whether authors consent was given for the
work to be communicated. If a person knew or ought to have known that there is no
consent for communicating the work, then a copyright breach occurred. Furthermore,
if this person is making a profit out of the breach, then the evaluation of knowledge
is redundant, since it is understood that there is an obligation to seek consent before
engaging in profit-making exercise.90 Therefore, consent is placed as a cornerstone
in the evaluation of whether an act of communication occurred.
On the assessment of the existence of a new public, the consent is viewed through
the prism of the fact that every act of communication is individually authorised by
the author of the work in question. In this context, the technical means of access
play a role in the determination of the new public, since the manner that the access
is given and the fact that this access was not envisaged by the initial authorisation
determines whether a new public is reached.91 In the act of communication to the
public, if the access envisaged by the author was given to a specific audience, every-
thing falling outside this audience was deemed to be a new public. In the case of
online access, if the author did not envisage in her or his initial consent that the work
will be made available online, but only offline, a new authorisation or consent is
needed.92 Therefore, if the consent is given for a specific infrastructure (the online
or the offline arena) or a different technical mean, then there is no need to assess the
audience or the new public.93 In conclusion, as far as the assessment of the existence
of a new public is concerned, consent is required either in the presence of the new
audience or in the presence of a new technical mean.
Lastly, the right of communication to the public—including the right of making
the work available to the public—under statutory provision of the Art. 3.3 of the
InfoSoc Directive, cannot be exhausted. This means that for every act of communi-
90
See GS Media BV v Sanoma Media Netherlands BV and Others, paras. 40–43 and 52.
91
CJEU, BestWater International GmbH v Michael Mebes and Stefan Potsch, C 348/13, Order of
21 October 2014, par. 14.
92
CJEU, ITV Broadcasting Ltd and Others v TVCatchUp Ltd, Case C 607/11, Judgment of 7 March
2013, par. 26.
93
Ibid, paras. 38–39.
cation to the public, a new authorisation must be made by the author. Additionally,
in line with the Term Directive,94 the economic right of communication to the public
lasts for 70 years after the death of the author.
4 Redundancy: Connecting Points of Both Rights
Against this background, the connecting points of the right of communication to the
public and the right of divulgation can be seen in the application of these rights and
their interpretation. As was stated above, the right of communication to the public is
viewed through the consent of the author to communicate its work to the public, and
this consent needs to be made for every act of communication. Both in the dualistic
and monistic approach, the consent of the author is the basis of the right of divulga-
tion, and unlike the economic right, this right can be exhausted by first disclosure.
In the French, Belgian and Greek models, there are differing opinions in relation to
the exercise of this right and to when the exhaustion takes place. There are certain
similarities with the interpretation of the economic right of communication to the
public, namely the criteria what is an act of communication. Both the act of com-
munication and the act of divulging the work require consent of the author for the
right not to be infringed. This consent is not only needed for the first act that dis-
closes the work, but might also be needed for subsequent acts of disclosure if this
was done through different modes of disclosure (for example, different technical
mediums).
In the German model and similarly in the Austrian model, the exercise of this
right can be made by implication of the transfer of economic rights to another party,
if the exploitation of those economic rights necessarily entails the divulging of the
work. However, there are still differences in opinions on what does the term ‘to
publicly disclose’ entail, the meaning of an act of divulging (the form of it), and
when the right of divulgation is exhausted.
On the term ‘to publicly disclose’ in the German model, the minority opinion
highlights the fact that it can be viewed as intended for plurality of persons.95 This
is irrelevant of the fact whether the group of persons is limited in some particular
way and whether they are bound together through mutual relationship to the person
carrying the act of divulgation. In this interpretation, the term public has a wide defi-
nition, which in turn limits the authorial rights which can sooner be exhausted. What
is specifically problematic with this interpretation is the exclusion of the private
sphere, since everything is deemed public. In essence, what this interpretation
would suggest is that by way of disclosure of one’s work in a family circle, the
author would have exercised and exhausted her or his right of divulgation. However,
94
Directive 2011/77/EU of the European Parliament and of the Council of 27 September 2011
amending Directive 2006/116/EC on the term of protection of copyright and certain related rights,
OJ L 265 (Term Directive).
95
See Nicolini and Ahlberg (2018), p. 252.
154 B. Marušić
her or his economic right of communication to the public would remain untouched.
The more dominant opinion in the German model,96 which provides a more bal-
anced approach, and can be also found in the Greek model,97 advances the idea that
the work is publicly disclosed if it is made available to everyone without a limita-
tion, excluding the group of persons that have a personal connection to each other.
By this, the definition of public is curtailed and excludes the private sphere.
Consequently, this opinion suggests that if a work is disclosed in a private circle, for
example, family circle, the author retains both the moral right of divulgation and the
economic right of communication to the public. The definition of public, under the
latter opinion, resembles the outlook adopted by the CJEU in defining the criterion
of a public. In its interpretation of public, the CJEU stated that a public consists of
an indeterminate number of potential viewers which implies a fairly large number
of persons in general, that is not restricted to specific individuals belonging to pri-
vate group. In both interpretations of the term public, in the moral right and the
economic right, we can see that there is a connecting factor and a similar trigger
point in the sense that this term excludes disclosure in private settings.
Secondly, in both the monistic and the dualistic approach, the right of divulga-
tion can be consumed and exhausted by first disclosure. Unlike the French model,
in the German model there are essentially three ways to observe it. The first way is
that the right has been consumed when the act of divulging with the prior authors
consent has been made. The second view, which closely resembles the non-
exhaustion principle of making the work available to the public, states that the right
of divulgation covers any occasion that the work is released in the public sphere.
The third view, which is in line with the above mentioned French view, is that the
right of divulging is consumed every time the work is placed on a different medium.
Here, we can also see the similarities in the trigger points between the right of div-
ulgation and the right of making the work available to the public since the need of
consent is triggered either by every act of divulging or by a new mode on which the
work is made available. Lastly, in the German model, uploading a file onto a server
(a similar situation in the GS Media98 case) was deemed to be covered by the right
of divulgation.
The possible frictions, in these similar ways of behaviour, can be boiled down to
the issue of contractual transfers of economic rights. The first one is that, under the
French model, this parallel scheme of two rights can lead to the problem of contrac-
tual transferability of the use of the work. This means that even if the economic right
has been transferred, the moral right could be used to prevent the disclosure of the
work. This is even more so, considering that different forms of disclosure (different
mediums or infrastructures) can be viewed as a new type of disclosure. For exam-
ple, similar issues brought about the exclusion of this right in Sweden, since it was
96
97
See Stamatoudi (2016), p. 498, Court of First Instance, Athens, Decision No. 24610/2004,
Private Law Annals (2006), p. 929, Court of First Instance, Athens, Decision No. 20669/1998,
Commercial Law Review (1999), p. 153.
98
See GS Media BV v Sanoma Media Netherlands BV and Others.
reasoned that this right is too closely connected with the economic right to repro-
duce copies and make them available to the public,99 and was commented by some
academics as a viable legislative solution, since the existence of these two rights
could lead to technical problems100 (such as the issue of transferability). In the
German model, this would not be such a problem if the exploitation of the economic
rights would necessary entail divulging of the work, since then there is a presump-
tion of implied exercise of the right of divulgation.
However, if both sets of rights have the same connecting points and—in
essence—have the same underlying presumptions of consent and disclosure, then it
would be reasonable to merge them under an economic right in their assessment,
since double assessment of the same connecting points would seem redundant. In
this case, assessment under the economic right, rather than the one under the moral
right, can provide a higher standard of legal certainty for the market players in the
EU. The general principle of legal certainty as defined under the EU law is a prin-
ciple that relies on the fundamental premise that those subject to the law must know
what the law is, to be able to plan their actions accordingly,101 thus being entitled to
have legitimate expectations, otherwise the law becomes arbitrary to them. One set
of rules for the entire territory of the EU and for the same trigger point, which in this
case is consent and disclosure, does provide the market players with knowledge of
what the law is to plan their actions accordingly. Having two parallel schemes, one
for the entire territory of the EU, and one present in some Member States, depletes
legal certainty, and creates obstacles to trade in the internal market, specifically
when it comes to the transfer of rights of use, and even more so applied to online
settings. By this, legitimate expectations of the market players are diminished, since
they can never truly know when and under what circumstances the invocation of the
right of divulgation might hinder their already legally obtained consent and disclo-
sure authorisation.
5 Conclusion
The fact that the same act can produce two sets of legal consequences, or two
grounds for legal protection, is not a novelty in copyright protection. However, the
question that is raised here is that if both of the grounds for legal protection have
similar or almost the same material scope of application, does this create a redun-
dancy in the assessment of one of the rights?
The analysis of the material scope of application of both these rights demon-
strates two trends. The first trend is that the jurisdictions that have monistic approach
to copyright have both these rights contained in their copyright legislative frame-
work, whereas the jurisdictions with dualistic approach are more inclined to merge
99
See Axhamn (2016), p. 607.
100
Strömholm (2002), p. 229.
101
Tridimas (2000), p. 163.
156 B. Marušić
these two rights. For example, in the Nordics,102 the rationale behind the merge was
based mainly on the argument that the economic rights ascribed to the author pro-
vide for an adequate protection against unauthorised publication. The scope of both
the moral right of divulgation and economic rights was seen as overlapping, there-
fore providing two sets of rights for the same legal problem, seemed redundant. The
merging of the two rights is visible in, for example, Sweden, Denmark, Finland,
Netherlands and United Kingdom, whereas other dualistic jurisdictions such as
France, Belgium, Italy and Greece, retain the separation of the moral right and the
economic right.
Even with this quite general statement, it is visible that merging of the concepts
and the material scope of application of both economic and moral rights, irrelevant
of the dualistic or monistic approach, is more an intuitive step made either by the
legislators (such as merging the right of divulgation with utilisation done by the
Austrian legislator), or by courts (such as merging both concepts in German court,
or providing a moral right dimension to an economic right by Italian courts).
The second trend is that since this intuitive step is already being done by the
legislator and the courts, the concept of divulgation done on the national level is
slowly starting to resemble the concept of communication to the public on the EU
level. This is visible through the authorisation criteria that is needed for different
forms of divulging (France, Belgium, Greece, Germany), yet not for internet
(Belgium); also in the criteria for determination of the public (Germany), or deter-
mination of whether the right can be exhausted (Germany).
The question here is whether there is a room for harmonisation of moral rights in
the EU and, with this, harmonisation of the right of divulgation. Although there has
been an ongoing discussion on the EU level about the possibility of harmonisation
of moral rights, the issue of competence to harmonise and a lack of a real need to do
so has been put forward as main arguments against it.103 From the EU harmonisation
competence perspective, two legal grounds come into the forefront. The first one is
the adherence by the EU to the Berne Convention. However, several qualifications
need to be made here. Firstly, the Berne Convention is an international agreement to
which all Member States of the EU are party to, however EU is not. This does not
mean that the EU is deprived of any link with the international obligations deriving
from the Berne Convention. The TRIPs Agreement and the WCT, which are both
international agreements to which the EU is a party to, include an obligation of
adherence of the EU to the Berne Convention, but not the entire agreement is cov-
ered by this obligation.104 However, the TRIPs Agreement in Article 9 (1) excludes
moral rights protection provided in Article 6bis of the Berne Convention, whereas
the Article 1 (4) of the WCT encompasses this obligation.105 Secondly, and against
this background, the CJEU, in several judgements, advanced an idea that the EU, by
102
Strömholm (2002), p. 219.
103
See Davies and Garnett (2016), pp. 69–78.
104
CJEU, Commision v Ireland, Case C-13/00, Judgment of 19 March 2002, paras. 14–20.
105
See for example CJEU, DR and TV2 Danmark A/S v NCB – Nordisk Copyright Bureau, Case
C-510/10, Judgement of 26 April 2012, par. 29.
adopting the InfoSoc Directive, had exercised the competence previously devolved
on the Member States in the field of intellectual property. Within the scope of that
directive, the EU must be regarded as having taken the place of the Member States,
which are no longer competent to implement the relevant stipulations of the Berne
Convention.106 With this, the CJEU suggests in its case law that only economic
rights stemming from the Berne Convention are covered in this obligation, through
their incorporation in the InfoSoc Directive. Even if one takes the view of wide
interpretation, which would encompass a derived competence to harmonise the
moral rights from the Berne Convention, these rights would only be the right of
paternity and integrity, since the right of divulgation is out of the remit of Article
6bis of the Berne Convention.
The second legal ground can be found under Article 114 of the TFEU.107 Article
114 of the TFEU contains a functional competence rule,108 and is regarded as a
proper legal basis through use of directives as legal mechanisms for harmonisation
and approximation of laws on the EU wide level to alleviate differences caused by
national laws. Since the right of divulgation, as seen through the analysis done in
this chapter, has the possibility to create obstacles in the internal market, by the fact
that it has different application (or lack of it) in the Member States, one could argue
that harmonisation of this right could be done through a directive on moral rights.
However, as was pointed out in this chapter, although the right of divulgation and
the right of communication to the public differ in their raison d' etre, the end result
of application and interpretation is practically the same, making the reason for the
EU wide harmonisation of this moral right redundant. Therefore, in the light of legal
certainty, the assessment of these two rights should be merged, paving way to the
assessment through the economic right, to promote legitimate expectations of mar-
ket players in the EU, and consequently higher standard of legal certainty.
References
1961 Rome Convention for the Protection of Performers, Producers of Phonograms and
Broadcasting Organizations [1992] ATS 29/ 496 UNTS 43
Actes de la Conférenceréunie à Rome du 7 mai au 2 juin 1928 (1929) Bureau de l'Union interna-
tional pour la protection des œuvres littéraires et artistiques, Berne
Adeney E (2006) The moral rights of authors and performers: an international and comparative
analysis. Oxford University Press, Oxford
Agreement on Trade-Related Aspects of Intellectual Property Rights, Apr. 15, 1994, Marrakesh
Agreement Establishing the World Trade Organization, Annex 1C, The Legal Texts: The
Results of the Uruguay Round of Multilateral Trade Negotiation 320 (1999), 1869 U.N.T.S.
299, 33 I.L.M. 1197 (1994)
106
Ibid par. 31, Cf. CJEU, Luksan, Case C-277/10, Judgement 9 February 2012, par. 64.
107
Treaty of Lisbon Amending the Treaty on European Union and the Treaty Establishing the
European Community, Dec. 13, 2007, 2007 O.J. (C 306) 1 (TFEU).
108
Ramalho (2016), p. 20.
158 B. Marušić
Akester P (2016) Portugal. In: Davies G, Garnett K (eds) Moral rights, 2nd edn. Sweet and
Maxwell, London, pp 637–655
Allfeld P (1902) Kommentar zum LUG und zum Verlagsgesetz von 1901 (Commentary to the
LUG and the Publishing Law of 1901). Munich
Axhamn J (2016) The Nordic countries. In: Davies G, Garnett K (eds) Moral rights, 2nd edn.
Sweet and Maxwell, London, pp 605–635
amended on 28 September 1979)
BGH [1955] GRUR 201, Cosima Wagner
Buganza C (2016) Spain. In: Davies G, Garnett K (eds) Moral rights, 2nd edn. Sweet and Maxwell,
London, pp 657–677
Bungeroth E (1977) Luxembourg. In: Möhring P, Schulze E, Ulmer E, Zweigert K (eds) Quellen
des Urheberrechts, vol 4. Looseleaf, Frankfurt am Main and Berlin, p 4
CA Lyon, Lacordaire v Marle (1845)
CA Paris, Affaire Vergne (1828)
Caron C (1998) Abus de droit et droit d'auteur. Litec, Paris
CJEU, Airfield NV and Canal Digitaal BV v Belgische Vereniging van Auteurs, Componisten en
Uitgevers CVBA (Sabam) (C 431/09) and Airfield NV v Agicoa Belgium BVBA (C 432/09),
Joined cases C 431/09 and C 432/09 Judgment of 13 October 2011
CJEU, BestWater International GmbH v Michael Mebes and Stefan Potsch, C 348/13, Order of
21 October 2014
CJEU, Commission v Ireland, Case C-13/00, Judgment of 19 March 2002
CJEU, C More Entertainment AB v Linus Sandberg, Case C 279/13, Judgment of 26 March 2015
CJEU, DR and TV2 Danmark A/S v NCB – Nordisk Copyright Bureau, Case C 510/10, Judgement
of 26 April 2012
CJEU, GS Media BV v Sanoma Media Netherlands BV and Others,Case C 160/15, Judgment of
8 September 2016
CJEU, ITV Broadcasting Ltd and Others v TVCatchUp Ltd, Case C 607/11, Judgment of 7 March
2013
CJEU, Lagardère Active Broadcast v Société pour la perception de la rémunération équitable
(SPRE) and Gesellschaft zur Verwertung von Leistungsschutzrechten mbH (GVL),Case C
192/04, Judgment of 14 July 2005
CJEU, Luksan, Case C-277/10, Judgement 9 February 2012
CJEU, Mediakabel BV v Commissariaat voor de Media, Case C 89/04, Judgment of 2 June 2005
CJEU, Nils Svensson and Others v Retriever Sverige AB,Case C 466/12, Judgment of 13 February
2014
CJEU, Reha Training Gesellschaft für Sport- und Unfallrehabilitation mbH v Gesellschaft für
musikalische Aufführungs- und mechanische Vervielfältigungsrechte eV (GEMA), Case C
117/15, Judgment of 31 May 2016
CJEU, Sociedad General de Autores y Editores de España (SGAE) v Rafael Hoteles SA,Case C
306/05, Judgment of 7 December 2006
CJEU, Società Consortile Fonografici (SCF) v Marco Del Corso, Case C 135/10, Judgment of 15
March 2012
CJEU, Verwertungsgesellschaft Rundfunk GmbH v Hettegger Hotel Edelweiss GmbH, Case C
641/15, Judgment of 16 February 2017
Code de la propriété intellectuelle. https://www.legifrance.gouv.fr/affichCode.do?cidTexte=LEGI
TEXT000006069414
Council Directive 93/83/EEC of 27 September 1993 on the coordination of certain rules concern-
ing copyright and rights related to copyright applicable to satellite broadcasting and cable
retransmission, OJ L 248
Court of First Instance, Athens, Decision No. 20669/1998, Commercial Law Review (1999)
Court of First Instance, Athens, Decision No. 24610/2004, Private Law Annals (2006)
Davies G, Garnett K (eds) (2016) Moral rights, 2nd edn. Sweet and Maxwell, London, pp 3–12,
13–21, 23–40, 41–67, 69–78, 81–109
Dietz A, Peukert A (2016) Germany. In: Davies G, Garnett K (eds) Moral rights, 2nd edn. Sweet
and Maxwell, London, pp 455–482
Dietz A, Peukert A (2017) In: Schricker G, Loewenheim U (eds) Urheberrecht, 5th edn. C.H. Beck,
Munich, pp 262–266.
harmonisation of certain aspects of copyright and related rights in the information society, OJ
L 167
property (codified version), OJ L 376
Directive 2011/77/EU of the European Parliament and of the Council of 27 September 2011
amending Directive 2006/116/EC on the term of protection of copyright and certain related
rights, OJ L 265
protection of databases, OJ L 77
Dittrich R, Kucsko G (1981) Urheberrecht: Systematischer Kommentarzum Urheberrechtsgesetz.
Manz, Vienna
Faludi G (2016) Hungary. In: Davies G, Garnett K (2016) Moral rights, 2nd edn. Sweet and
Ficsor M (2002) The law of copyright and the internet: the 1996 WIPO treaties, their interpretation
and implementation. Oxford University Press, Oxford
Frabboni MM (2016a) France. In: Davies G, Garnett K (eds) Moral rights, 2nd edn. Sweet and
Frabboni MM (2016b) Italy. In: Davies G, Garnett K (eds) Moral rights, 2nd edn. Sweet and
Gordon W (1989) An inquiry into the merits of copyright: the challenges of consistency, consent
and encouragement theory. Stanford Law Rev 41:1343
Gordon W (1993) A property right in self-expression: equality and individualism in the natural law
of intellectual property. Yale Law J 102:1533
Grosheide FW (2016) The Netherlands. In: Davies G, Garnett K (eds) Moral rights, 2nd edn.
Sweet and Maxwell, London, pp 561–603
Hughes J (1988) The philosophy of intellectual property. Georgetown Law J 77:287
Kucsko G (1995) Austria. In: Metaxas-Maranghidis G (ed) Intellectual property laws of Europe.
John Wiley & Son Ltd, London, p 43
Kur A, Dreier T (2013) European intellectual property law text, cases and materials. Edward Elgar.
Cheltenham
Landes W, Posner R (1989) An economic analysis of copyright law. J Legal Stud 18:325
Leška R, Štechova K (2016) Czech Republic and Slovakia. In: Davies G, Garnett K (eds) Moral
rights, 2nd edn. Sweet and Maxwell, London, pp 373–413
Lips B, Vilars D, Maqua A, Folon J (1998) Du numérique au multimédia, Aspects juridiques et
commerciaux, Ministère de la Région Wallonne. DGTRE, Brussels
Locke J (1689/1988) Two treaties of government. Cambridge University Press, Cambridge
Lucas A, Lucas H-J, Lucas-Schloetter A (2012) Traité de la propriété littéraire et artistique. Oxford
University Press, Oxford
Müsse HG (1999) Urheberpersönlichkeitsrecht unter besonderer Berücksichtigung der
Veröffentlichung und der Inhaltmitteilung. Dissertation, Albert-Ludwigs-Universität Freiburg.
Nicolini K, Ahlberg H (2018) Möhring-Nicolini Urheberrechtgesetz Kommentar, 2nd edn. Franz
Vahlen, Munich, p 252
160 B. Marušić
Opinion of Advocate General Maciej Szpunar in Stichting Brein, C 610/15, Opinion of 8 February
2017
Quintais JP (2018) Untangling the hyperlinking web: in search of the online right of communica-
tion to the public. J World Intellect Property, p 4
Ramalho A (2016) The competence of the European Union in copyright lawmaking - a normative
perspective of EU powers for copyright harmonization. Springer
Reinbothe J, Von Lewinski S (2002) The WIPO treaties 1996. Butterworths/LexisNexis, London
Schricker G (2017) In: Schricker G, Loewenheim U (eds) Urheberrecht, 5th edn. C.H. Beck,
Munich, p 4
SEC (2004) 995 of 17 July 2004, Commission Staff Working Paper on the review of the EC legal
framework in the field of copyright and related rights
Stamatoudi IA (2016) Greece. In: Davies G, Garnett K (eds) Moral rights, 2nd edn. Sweet and
Strömholm S (1967) Le droit moral de l'auteur, vol 1. Norstedt&SönersFörlag, Stockholm
Strömholm S (2002) Droit Moral–the international and comparative scene from a Scandinavian
viewpoint. Scandinavian Studies in Law, Stockholm Institute for Scandinavian Law
Torremans P (2016) Belgium. In: Davies G, Garnett K (eds) Moral rights, 2nd edn. Sweet and
Treaty of Lisbon Amending the Treaty on European Union and the Treaty Establishing the
European Community, Dec. 13, 2007, 2007 O.J. (C 306) 1
Tri. Civ. Seine, Billecocq v Glendaz (1814)
Tridimas T (2000) The general principles of EC law. Oxford University Press, Oxford
Ulmer E (1960) Urheber and Verlagsrecht, 2nd edn. Springer, Berlin
Ulmer E (1980) Urheber- und Verlagsrecht, 3rd edn. Springer, Berlin
Von Lewinski S, Walter M (2010) European copyright law: a commentary. Oxford University
Press, Oxford
WIPO Performances and Phonograms Treaty S. Treaty Doc. No. 105-17, 36 ILM 76 (1997)
World Intellectual Property Office Copyright Treaty, adopted on Dec. 20, 1996, WIPO Doc.
CRNRIDC/94
Yen A (1990) Restoring the natural law: copyright as labour and possession. Ohio St Law J 51:517
Chapter 7
“Digital” Exhaustion and the EU (Digital)
Single Market
Liliia Oprysk
Abstract A reference for a preliminary ruling on the applicability of exhaustion of

the right of distribution under the Copyright Directive to e-books reached the Court
of Justice of the European Union (CJEU), putting copyright exhaustion once again
under the spotlight in the EU. In light of the Court’s tendency to extend the scope of
the right of communication to the public to include any act remotely related to a
protected work, the reference is of uttermost importance for drawing the boundaries
of copyright protection online. While the topic of “digital” exhaustion is intriguing
from the perspective of copyright law, it is no less thought-provoking in the context
of the internal market. Even before the copyright harmonisation took off, the CJEU
used the principle to facilitate the functioning of the internal market by eliminating
the impediments to the free movement of goods within the EU. The subsequent
copyright harmonisation of exhaustion under the acquis relied largely upon the
CJEU rulings weighting the objectives of the internal market with that of national
copyright laws. Accordingly, the Court’s ruling in the case is not only a matter of
copyright but also a matter of the internal market. This chapter seeks to place the
issue at stake in its broader context. Namely, it discusses whether extending the
applicability of exhaustion to the acts of online dissemination would contribute to
the Digital Single Market (DSM). It suggests that the “digital” exhaustion has a
potential to advance the DSM. However, its role would be rather different from the
one exhaustion had in the analogue internal market, which shall be accounted for.
L. Oprysk (*)
IT Law Programme, University of Tartu, Tartu, Estonia

https://doi.org/10.1007/978-3-030-25579-4_7
162 L. Oprysk
1 Introduction
Although the exhaustion principle developed separately in each field of Intellectual

Property (IP),1 exhaustion is sometimes referred to as a common principle of IP.2 An
item manufactured using a patented process, bearing a trademark and presenting a
copy of literary or artistic work would, in most cases, be outside of the control of all
the right holders involved, once it has been placed on the market. The right to autho-
rise or prohibit further distribution of that particular copy would expire.
Although exhaustion is a widespread concept stretching across the IP fields, its
scope has been neither fully explored nor articulated.3 Whilst under the respective
IP field, exhaustion is perceived as a boundary of an exclusive right of distribution,
the concept has also occasionally been used to balance the divergent objectives of
IP protection with that of other fields of law.4 Although the advent of digital tech-
nologies influenced IP types to a different extent, copyright, without a doubt, is a
field that has been affected the most. Not only did the online environment become
one of the primary dissemination channels, the challenges posed by the develop-
ment of technology made international harmonisation highly desirable.5 Considering
the unique challenges the exhaustion concept faced under the copyright law, this
chapter refers to the concept solely in the copyright context.
Besides the role of exhaustion in determining the scope of the exclusive rights
under copyright, there are various other areas which have been associated with it.6
In the European Union (EU), which is the primary focus of this chapter, the exhaus-
tion principle was used early on in the harmonisation to facilitate the functioning of
the internal market. The concept became an instrument of regulating trade between
the Member States (MS) even before exhaustion was harmonised under the EU
copyright acquis.7 The very name itself was appropriated to develop means of deal-
ing with the conflicts of a single market and national laws.8
1
The research leading to this contribution has been supported by the Estonian Research Council
grant PUT PRG 124.
2
Yusuf and von Hase (1992), pp. 115–131; for the EU law perspective, see Schovsbo (2010), p. 10.
3
Katz (2014), p. 55.
4
For instance, introducing exhaustion rule avoids the conflict between the exclusive rights under
the copyright and property right in a tangible object in which a work is embodied.
5
Among the questions raised was the possible extension of the exclusive rights to the online envi-
ronment and their limits. The issue was extensively discussed during the Negotiations on the
Possible Protocol to the Berne Convention, which led to the adoption of the WIPO Copyright
Treaty and WIPO Performances and Phonograms Treaty.
6
Inter alia, the exhaustion of the right of distribution enables a secondary market and competition
between the platforms. See more in Rubí Puig (2013), pp. 160–162.
7
On the original intent behind harmonising the exhaustion on the EU level, see Jehoram (1994),
pp. 821–840. On the usage of exhaustion in the context of competition law, see Gallego (2003),
pp. 479–502.
8
Cook (2010), p. 357.
7 “Digital” Exhaustion and the EU (Digital) Single Market 163
Accordingly, the discussion on the exhaustion principle under the EU law is

always two-fold: on the one hand, it is the copyright aspect under the EU copyright
acquis, and, on the other hand, it is the internal market dimension. In the absence of
clearly defined rationales of copyright protection under the EU copyright acquis, it
is somewhat challenging to draw conclusions on the desirability of extending the
principle relying solely on the wording of the acquis. The adoption of the Digital
Single Market Strategy (DSM Strategy) calls for considering also the internal mar-
ket perspective, digital version of which is where “the free movement of goods,
persons, services and capital is ensured and where individuals and businesses can
seamlessly access and exercise online activities under conditions of fair competition
and a high level of consumer and personal data protection, irrespective of their
nationality or place of residence”.9
This chapter discusses whether the exhaustion principle as formulated and
worded in the analogue era can assist in facilitating the free movement of digital
goods and services as set out in the DSM Strategy. Given the very absence of clarity
on the exhaustion applicability to the online dissemination under the EU copyright
acquis, the answer is nothing but straightforward. As a reference for a preliminary
ruling on the application of exhaustion to acts of online dissemination under the EU
copyright acquis has recently reached the CJEU, the copyright aspect of it is to be
clarified in the nearest future.10 What remains to be seen is how the CJEU answering
the question in either affirmative or in negative could contribute to or interfere with
the objectives of the DSM.
2 Copyright Exhaustion and Cross-Border Trade
Exhaustion is a term that generally refers to the consumption (meaning termination)

of the copyright holder’s right to control further distribution of a copy of a work
upon the first distribution of that copy.11 It defines the scope of the distribution right
granted to the right holder, which shall not cover distribution of copies beyond their
first marketing pursuant to the authorisation.12 As the copyright laws developed, the
prerequisites of the exhaustion changed, which inevitably altered the scope of the
exclusive right of distribution itself.13 Furthermore, the concept has also been
9
Economic and Social Committee and the Committee of the Regions. A Digital Single Market
Strategy for Europe COM(2015) 192 final.
10
CJEU, Nederlands Uitgeversverbond and Groep Algemene Uitgevers. Case C 263/18.
11
Gotzen (1990), p. 300; Yusuf and von Hase (1992), p. 116; Tjin Tai (2003), p. 207; Karapapa
(2014), p. 307; Rognstad (2014), p. 1. On importation, see Slotboom (2003), p. 422 and Schovsbo
(2010), pp. 3–4.
12
The view also found in Lucas (2010), p. 306.
13
Confining exhaustion to a smaller range of acts triggering its application ultimately results in the
expansion of the scope of the exclusive right.
164 L. Oprysk
employed by different fields of law. For instance, the principle was used to eliminate
the adverse monopoly effect of the exclusive IP rights on market and competition
within it, particularly on cross-border trade.
Due to the different objectives that became attached to exhaustion, its harmoni-
sation on the international level is so far a seemingly impossible task. Several
attempts to harmonise it were made in the 1990-ies, as the influence of certain dis-
parities in the national laws reached beyond the national borders.14 With the emer-
gence of the new forms of exploitation of a work, the boundaries of the concept
became of uttermost importance. For instance, one of the main driving forces behind
the explicit recognition of the exclusive right of rental (not subject to exhaustion)
was the very existence of exhaustion under certain national laws. In the absence of
exhaustion, a separate right of rental would not be necessary, as it generally consti-
tuted a form of distribution.15
At present, when the rental right has been widely recognised and harmonised, the
primary function of exhaustion is to delimit the scope of the broad right of distribu-
tion. However, the wording relies heavily on the distinction between the transfer of
ownership and possession, which was drawn at the outset of international negotia-
tions to ensure that the rental right would not be exhausted upon the first distribu-
tion.16 Accordingly, the wording of exhaustion under the international treaties
should not be examined in isolation but rather in the context of negotiations ongoing
at the time of the adoption.
Although the exhaustion principle seems straightforward, it is far from that.
Given the territoriality of copyright protection and the divergent scope of rights
under the national laws, certain differences arise. For instance, for the application of
exhaustion in a particular jurisdiction, it might or might not matter whether the cop-
ies in question were distributed for the first time within its territory or abroad. The
latter is ultimately a question which is not resolved by the principles of copyright
alone but rather depends on a variety of considerations outside it.17
The territoriality of exhaustion makes quite a difference for cross-border trade.
Depending on the type applied, movement of goods and services across the borders
can be severely distorted.18 Ultimately, the desirable international harmonisation of
exhaustion would not be complete unless the territoriality aspect is settled as well.
So far, there is still no agreement on the international level, although some interna-
tional or supra-national organisations maintain common regimes. In the EU, for
example, the regional exhaustion is practised. It resembles national exhaustion by
14
Most jurisdictions provided the right of distribution that was limited to the first distribution either
through the exhaustion principle or other instruments (such as implied license). The territoriality
of exhaustion, on the other hand, varied greatly and impaired the cross-border trade.
15
Longdin Lim (2013), p. 544; Gotzen (1990), p. 299.
16
Committee of Experts on a Possible Protocol to the Berne Convention (1991) First Session.
Questions concerning a possible protocol to the Berne Convention Part II. (Draft). Memorandum
prepared by the International Bureau, p. 20.
17
For example, it depends on a state’s trade policy on parallel importation.
18
Yusuf and von Hase (1992), p. 116; Slotboom (2003), pp. 421–440.
precluding unauthorised import of copies which were put into circulation outside
the EU, notwithstanding the right holder’s authorisation of the first distribution.
The TRIPS Agreement would perhaps be an appropriate instrument to deal with
the matter of exhaustion’s territoriality on the international level.19 Nevertheless,
while it provides for common minimum standards of IP protection, the Agreement
does not spell out the limitations to granted rights.20 Similarly, territoriality of
exhaustion is out of the scope of the WIPO Copyright Treaty (WIPO CT).21 Although
lively debated during the negotiations, the issue was left for the states to decide. In
a sense, such a solution endorsed international exhaustion. By prescribing national
exhaustion, the Treaty would foreclose any possibility of parallel importation and
harm international trade.22
3 R
ole of Exhaustion in the EU Acquis and the Internal
Market
The harmonisation of the exhaustion principle under the EU acquis can be divided
into two interconnected yet separate stages. First, before the copyright harmonisa-
tion took off, in the absence of any common copyright legislation, the CJEU had to
examine the compatibility of the exclusive rights under the national copyright laws
with the objectives of the European Economic Community (EEC) Treaty. At this
stage, the Court was not concerned with the content of copyright protection as such,
but rather with a possible interference of divergent national laws with the objectives
of the internal market. Second, based on the CJEU jurisprudence and in the course
of Community expansion, the European Commission (EC) introduced a couple of
Directives aiming at harmonising copyright laws across the Member States, simul-
taneously fulfilling obligations under the international treaties.
19
Agreement on Trade-Related Aspects of Intellectual Property Rights, adopted in Marrakesh on
15 April 1994, Marrakesh Agreement Establishing the World Trade Organization, Annex 1C
(TRIPs).
20
Yusuf and von Hase (1992), p. 130.
21
CRNRIDC/94 (WIPO Copyright Treaty).
22
See comment made by the delegation of Singapore in Records of the Diplomatic Conference on
Certain copyright and neighbouring rights questions (1999). WIPO Publication, vol II, no 348,
p. 613.
166 L. Oprysk
3.1 Exclusive Rights Versus the Internal Market
The CJEU jurisprudence preceding the adoption of the Directives clarified four
important matters. First, it would be against the objectives of the EEC Treaty to
invoke the right of distribution under copyright to prevent importation of goods
already lawfully put on the EEC market.23 The emphasis is on the ‘lawfully’ put on
the market, as the consent of copyright holder for putting copies on the market was
never articulated as a necessary condition for exhaustion by the CJEU in the case
law preceding copyright harmonisation. Second, jurisprudence established that
invoking the right of distribution to prevent the import of the copies which were
lawfully put on the market in the third country could be justified on the grounds of
industrial property protection.24 Third, while preventing importation of copies law-
fully put on the market in one of the MS was against the EEC Treaty, it could nev-
ertheless be justified if national law of the country of destination provided for the
right of rental.25 Finally, the right holder could also rely on the right of distribution
to prevent importation of copies which were initially lawfully put on the European
Economic Area (EEA) market but in a MS where copyright protection had lapsed.26
Hence, the case law of this period neither precluded the international exhaustion,
as it merely established that preventing import from the countries outside the Union
can be justified, nor did it prescribe the conditions for it. The exhaustion was deemed
compatible with the EEC Treaty as long as the copies lawfully put on the market in
one of the MS were not prevented from entering the market of another MS, on the
sole ground that the fist putting on the market did not take place in the latter MS. In
other words, it only precluded exercising national exhaustion on the copies put into
circulation in a different MS. Moreover, the jurisprudence permitted right holders to
enforce their right of rental, irrespective of the exhaustion of distribution right that
might have already taken place in a different MS. In the course of subsequent har-
monisation, the EC seems to rely heavily upon a rigid interpretation of the CJEU
jurisprudence, although there is a doubt whether it can be interpreted beyond the
treatment of territoriality.27
23
Case C 78/70, Judgment of 8 June 1971; CJEU, Musik-Vertriebmembran GmbH and K-tel
International v GEMA, Joined cases C 55/80 and C 57/80, Judgment of 20 January 1981; CJEU,
Dansk Supermarked A/S v A/S Imerco, Case C 58/80, Judgment of 22 January 1981.
24
CJEU, Polydor Limited and RSO Records Inc v Harlequin Records Shops Limited and Simons
Records Limited, Case C 270/80, Judgment of 9 February 1982.
25
CJEU, Warner Brothers Inc and Metronome Video ApS v Erik Viuff Christiansen Case C 158/86,
Judgment of 17 May 1988.
26
CJEU, EMI Electrola GmbH v Patricia Im- und Export and others, Case C 341/87, Judgment of
24 January 1989.
27
As elaborated by Westkamp (2007), pp. 319–320.
3.2 Exhaustion Under the EU Directives
Under Art. 345 of the Treaty of the Functioning of the European Union (TFEU), MS
are free to legislate in the field of IP provided that the matter is not already harmon-
ised on the EU level.28 The legislative activity of the EU in the field of copyright is
mainly based on Art. 114 of the TFEU, which permits harmonising the national
laws for the purpose of maintaining the internal market. The latter, however, has
little in common with copyright and provides little guidance on the substance of the
rules.29 The policy behind the copyright acquis lies in the protection of interests, the
hierarchy of which cannot be established under the Treaty, resulting in a normative
gap.30
Community exhaustion principle, as shaped by the preceding CJEU jurispru-
dence, was incorporated into the Directives predominantly under Art. 30 of the
TFEU, which resulted in “an unintelligible equation between the basic freedoms to
provide, on the one hand, trade and services under European Community law and,
on the other hand, to provide classification of economic rights in intellectual
property”.31 Exhaustion read solely under Art. 30 of the TFEU does not lead to a
conclusion that its scope goes beyond the proprietary distribution right being
exhausted when an article is out on the consumer market.32 Moreover, it is only
evident that the very last act of distribution to the consumers shall exhaust the rights,
and up to this point the distribution chain is treated differently under the national
laws of the MS.33
Certain aspects of exhaustion were first harmonised in the act of secondary EU
legislation under the Software Directive (SD).34 The wording of exhaustion under
the Directive reflects then ongoing discussions on the international level. Inter alia,
in order to secure the rental right, the differentiation between the acts resulting in a
transfer of ownership and the acts merely constituting a transfer of possession was
drawn.35 Exception to an exception to an exclusive right under the SD was, de facto,
a proposal for introducing a right of rental for computer programs.36
28
Cistaro (2016), p. 141.
29
Ramahlo (2014), p. 208.
30
Ibid, p. 224.
31
Westkamp (2007), p. 292.
32
Ibid, p. 322.
33
Ibid, p. 329.
34
legal protection of computer programs (Codified version), OJ L 111/16 (Software Directive).
35
For the discussion, see Committee of Experts on Model provisions for legislation in the field of
copyright. First Session. Draft model provisions for legislation in the field of copyright.
Memorandum prepared by the International Bureau. III Comments on the draft model provisions
for legislation in the field of copyright. CE/MPC/I/2-III 1989. p. 20.
36
Gotzen (1990), p. 299.
168 L. Oprysk
Shortly after the SD, the principle was also codified under the Rental and Lending
Rights Directive (RLRD).37 The adoption of the latter is of interest, although the
exhaustion under the RLRD relates to the neighbouring rights only. Although the
preparatory works held that exhaustion provision is a simple codification of the
CJEU jurisprudence, the wording went clearly further. The language of the RLRD
has later been copied verbatim into the Copyright Directive (CPD) without any
discussion whatsoever.38 While the wording does not conflict with the CJEU juris-
prudence, it is not entirely backed up by the judgments either.
The CPD, also known as the InfoSoc Directive, is the main instrument of copy-
right harmonisation in the EU. The Art. 4.2 provides for the exhaustion of the right
of distribution for all types of works and reads as follows: “The distribution right
shall not be exhausted within the Community in respect of the original or copies of
the work, except where the first sale or other transfer of ownership in the Community
of that object is made by the rightholder or with his consent”.39
By harmonising the exhaustion principle under the CPD, the EC aimed to pre-
vent the distortion of the internal market caused by disparities under the national
laws.40 The European Economic and Social Committee did not evaluate the wording
of the provision at the preparatory stage, but merely supported the position on the
exhaustion’s territoriality (it being confined to the Community).41 Arguably, as put
by the Committee and also stipulated in the preceding Green Paper, the Community
exhaustion followed the CJEU jurisprudence.42 Codifying the case law under the
CPD was perhaps a logical step in harmonising the particular matters of copyright.
However, it appears to have gone clearly beyond what was mandated by the juris-
prudence without a sound preparatory work. Copying the wording from the previ-
ous Directive, which was serving different objectives, does not seem satisfactory,
especially in light of the overreaching character of the CPD.
37
Council Directive 92/100/EEC of 19 November 1992 on rental right and lending right and on
certain rights related to copyright in the field of intellectual property, OJ L 346/61.
38
harmonisation of certain aspects of copyright and related rights in the information society. OJ L
167/10 (Copyright Directive).
39
Ibid, Art. 4.2.
40
Proposal for a European Parliament and Council Directive on the harmonisation of certain
aspects of copyright and related rights in the Information Society COM (97) 628 final, p. 27.
41
Opinion on the proposal for a Council Directive on the legal protection of computer programs.
Economic and Social Committee 89/C 329/02.
42
Green Paper on Copyright and Related Rights in the Information Society. European Commission
COM (95) 382 final, p. 47.
4 Extending Exhaustion to the Digital Environment
Nowadays, a significant share of works protected by copyright is disseminated

online. More than fifty percent of the global music recording industry income comes
from digital channels, as well as a substantial part of the film and publishing indus-
try income.43 Partially, it can be attributed to the development of e-commerce and
the emergence of various online marketplaces, which facilitate distribution of cop-
ies on or without tangible mediums. However, the most significant feature of online-
enabled dissemination is making a work available to end-users in one way or another
through the means of the network, without the involvement of tangible mediums,
and on-demand basis.
Digital dissemination becoming the main channel of distribution raises the ques-
tion of appropriate regulation and application of existing legal norms. When it
comes to the copyright aspect, one of the most debatable issues is the scope of
exclusive rights online and their overlap.44 The applicability of the right of distribu-
tion to online dissemination and its exhaustion is one of the questions.45 While,
primarily, the exhaustion applicability is subject to the copyright regulations, in the
EU, it is also an important instrument of the single market. Accordingly, extending
exhaustion to online dissemination is addressed in the context of copyright and from
the internal market perspective.
4.1 Copyright Perspective
The question whether the right of distribution can be applied to online dissemina-
tion and subsequently exhausted is an unresolved one. While there are arguments
for and against it, one aspect is the consistency with the obligations under the inter-
national treaties. For instance, there is substantial support for the view that digital
exhaustion is precluded under the WIPO CT and, expressly, under the Agreed
Statement (AS) concerning Articles 6 and 7.46
The AS was offered by the Chairman of Diplomatic Conference to summarise
the comments on the so-called umbrella solution.47 It reads as follows: “As used in
these Articles, the expression ‘copies and originals’ being subject to the right of
43
International Federation of the Phonographic Industry (2019).
44
For instance, on the scope of the right of communication to the public. See Cook (2015), Leistner
(2015), Hugenholtz and van Velze (2016), Quintais (2018) and Ohly (2018).
45
More on digital exhaustion see Linklater (2014), Rognstad (2014), Spedicato (2015), Savic
(2015b), Hilty (2015) and Mysoor (2018).
46
On Agreed Statement precluding application of exhaustion online, see Savic (2015b), Rognstad
(2014) and Karapapa (2014).
47
Records of the Diplomatic Conference on Certain copyright and neighboring rights. Draft
Agreed Statements concerning Treaty NO. 1 submitted by Main Committee I to the Conference,
meeting in Plenary. CRNR/DC/92 Corr. 1996. p. 2.
170 L. Oprysk
distribution and the right of rental, refer exclusively to fixed copies that can be put
into circulation as tangible objects”.48
The meaning of the statement is often interpreted restrictively as precluding an
application of exhaustion to copies lacking tangible support. Although this chapter
does not aim to analyse the obligations in light of the AS, the author concurs with
the opposite interpretation. The AS shall be read in light of the umbrella solution,
according to which the Treaty obliges parties to provide copyright holders with an
exclusive right to authorise digital transmissions without prescribing the right under
which such acts shall fall.49
Therefore, for the purpose of the WIPO CT interpretation, it is important to dif-
ferentiate between the acts that always fall under the distribution right under the
Treaty (for instance, dissemination of tangible copies), and the acts of digital trans-
mission, for which no particular right is prescribed. The AS merely indicates a mini-
mum obligation to provide the right of distribution at least in respect of the tangible
copies.50 It shall not be seen as precluding application of the right of distribution to
digital transmissions, but as indicating that provisions of the article are aimed to
cover solely the analogue distribution.
The exhaustion principle under the CPD Directive has yet to be interpreted in the
context of intangible dissemination. Some scholars, however, believe that the CJEU
ruling in Art&Allposters indicated that the intangible copies are outside of the scope
of the Art. 4.2.51 Although the justifiability of considering the issue at stake in
Art&Allposters from the perspective of exhaustion is a topic on its own, it is impor-
tant to recall the aspects of exhaustion countering such conclusion.52 First, the
exhaustion principle under the EU acquis only exempts the subsequent distribution
of copies of a work from requiring an authorisation.53 Second, the CJEU seems to
err submitting that the principle applies to tangible objects rather than a copy of a
work itself, as the Court has rightly established in the later Ranks&Vasilevics
judgment.54
Furthermore, the CJEU employed the principle of technological neutrality when
ruling on exhaustion and related matters under other Directives.55 For instance, this
48
Records of the Diplomatic Conference on Certain copyright and neighboring rights questions
(1999). p. 777.
49
Geiger (2015), p. 424.
50
Ficsor (2002), p. 486.
51
CJEU, Art & Allposters International BV v Stichting Pictoright, Case C 419/13, Judgment of 22
January 2015. On precluding digital exhaustion see Rosati (2015) and Savic (2015a).
52
For a detailed analysis see Griffiths (2016). Also, Sganga (2018).
53
Other rights are not affected by the exhaustion, as well as any new forms of exploitation. For
instance, consider rental of distributed copies, subject to authorisation, although the exhaustion
allows further resale of copies. See Warner Brothers Inc and Metronome Video ApS v Erik Viuff
Christiansen, par. 14.
54
Art & Allposters International BV v Stichting Pictoright, par. 40. See also the comment on
Ranks&Vasilevics below.
55
On the CJEU applying technology-neutral approach see Linklater-Sahm (2017), p. 1556; on
exhaustion and neutrality Synodinou (2012), pp. 624–625.
section draws attention to three judgments by the CJEU: in UsedSoft,56

Ranks&Vasilevics57 and VOB cases.58 The first two cases concerned the SD. In
UsedSoft, the Court ruled on the applicability of the exhaustion principle to the cop-
ies delivered online and lacking a tangible medium, and in Ranks&Vasilevics, on
the notion of a subsequent acquirer of a copy relying on exhaustion. The VOB case
concerned the applicability of the lending right to e-lending under the RLRD and
the relevance of exhaustion under the CPD for the application of an exception to the
exclusive lending right.
In UsedSoft, the CJEU had to decide, inter alia, whether the right of distribution
under the Directive was exhausted when an acquirer obtained his copy with the right
holder’s consent by downloading it from the Internet. Interestingly enough, the
Court did not start with examining whether the initial dissemination of copies fell
under the right of distribution but proceeded directly to the conditions for exhaus-
tion to occur. The only condition the Court established for a transaction to qualify
for exhaustion was the first sale of a copy of a program.59 The CJEU found that a
download of a copy of a computer programme for disposal unlimited in time in
return for a fee constituted a transfer of ownership.60 The absence of a tangible
medium made no difference, as a copy remained inseparable from a user license
agreement from the point of view of the acquirer.61 Limiting the exhaustion princi-
ple to tangible copies would provide right holders with the excessive control over
intangible copies, which would undoubtedly go beyond what is necessary to achieve
the objectives of copyright protection.62
In Ranks&Vasilevics, the CJEU had to examine whether a lawful acquirer of a
copy of a computer programme could rely on the copyright exhaustion to resell a
backup copy of that computer programme. The Court recalled that the exhaustion
concerns a copy of a programme and not the material medium on which it is placed.63
The significance of the judgment is in establishing, that, although an acquirer is not
allowed to sell a backup copy of a computer programme if the original copy is dam-
aged, destroyed or lost, he is not deprived of a possibility to resell it altogether.
Although the judgment did not provide any guidance on how it might be achieved
56
CJEU, UsedSoft GmbH v Oracle International Corp, Case C 128/11, Judgment of 3 July 2012.
57
CJEU, Aleksandrs Ranks, JurijsVasiļevičs v Microsoft Corp, Case C 166/15, Judgment of 12
October 2016.
58
CJEU, VerenigingOpenbareBibliotheken v StichtingLeenrecht, Case C 174/15, Judgment of 10
November 2016.
59
UsedSoft GmbH v Oracle International Corp, par. 38.
60
UsedSoft GmbH v Oracle International Corp, par. 44–46.
61
UsedSoft GmbH v Oracle International Corp, par. 47.
62
UsedSoft GmbH v Oracle International Corp, par. 53–63.
63
Aleksandrs Ranks, JurijsVasiļevičs v Microsoft Corp, par. 34. This is contrary to what the CJEU
seems to indicate in Art&Allposters case, holding that the exhaustion applies to a tangible medium
on which a copy is fixed. See Art & Allposters International BV v Stichting Pictoright, par. 40.
172 L. Oprysk
in practice, it suggests that a vendor shall allow a download of a copy through their
webpage.64
The rulling in Ranks&Vasilevics received somewhat limited attention, as its
application at first glance seems somewhat narrow and based mainly on the findings
in the landmark UsedSoft judgment.65 The outcome of UsedSoft and the Court’s
reasoning resulted, on the other hand, into a lively debate on the future of exhaus-
tion in the online environment. The ruling was extensively commented on. For
instance, the judgment was criticised for misinterpreting the SD and the WIPO CT
by extending the scope of the right of distribution under the SD.66 The judgment has
also been characterised as dictated by a policy agenda to create exhaustion for soft-
ware or even for all types of works.67 The justifiability of such intent was not dis-
missed altogether, but alternative ways of dealing with the matter were proposed.68
The VOB case, although dealing with a different matter and under a different
Directive, provides an interesting precedent in the context of applying exhaustion
online. Firstly, it extended the application of the lending right, which in many coun-
tries is a part of a broader distribution right, to online dissemination, finding no
decisive ground to preclude the application of the lending right to the intangible
copies.69 Secondly, and most importantly, it ruled that the MS could make an appli-
cation of an exception to the lending right subject to the condition that the right of
distribution is exhausted under Art. 4.2 of the CPD. The latter leads to a significant
consequence. If the lending right covers also the intangible copies, and the right of
distribution under the CPD does not, it essentially renders the extension of the lend-
ing right to intangible copies useless.70 By making the application of an exception
to the lending right dependant on exhaustion, the application of which to intangible
copies is debated, MS would de facto block the exception as such. This would obvi-
ously be contrary to the intent of both the EC and the CJEU.
All three rulings have been apprised and criticised on many grounds, one of them
being the argumentation of the Court behind interpreting the provisions of the
Directives broadly. The paradox is that the Court’s approach of technological neu-
trality, praised by certain scholars, seems to lead to the very opposite effect. The
rulings attempt to recreate the circumstances of the analogue dissemination to find
online acts functionally equivalent to tangible distribution. Accordingly, rather than
64
The subsequent acquirer shall be able to download a copy from a vendor’s webpage, see
Aleksandrs Ranks, JurijsVasiļevičs v Microsoft Corp, par. 54.
65
See, for example, Colby (2017), Wolk (2017), Geiregat (2017), Leistner and Antoine (2018) and
Sganga (2018).
66
See, for example, Linklater (2014) and Rognstad (2014), pp. 4–9.
67
Savic (2015b), p. 426; Hilty (2015), p. 10.
68
Rognstad, for instance, criticised the Court for not putting aside the right of distribution and
recalling inexhaustibility of the right of communication to the public. In his view, the CJEU could
use alternative methods for enabling acquirers of software to dispose of it, for example based on
the impediment on the free movement of goods under the TFEU Treaty. See Rognstad (2014),
p. 15.
69
Vereniging Openbare Bibliotheken v Stichting Leenrecht, par. 44.
70
Also as stressed out by Linklater (2014), p. 1565.
embracing the diversity of online dissemination, they attempt to force the analogue
framework. The question is whether more flexible solutions could be found, either
within or outside of copyright.
4.2 T
he Internal Market and the Digital Single Market
Perspective
Following few reports and draft White Papers by the European Parliament and the
EC, the DSM Strategy was unveiled in 2015.71 The strategy aims to ensure that
“Europe maintains its position as a world leader in the digital economy, helping
European companies to grow globally”.72 It rests on three pillars: better access for
consumers and business to online goods and services across Europe, creating the
right conditions for digital networks and services to flourish, maximising growth
potential for the European Digital Economy.73
Copyright protection is mentioned few times in the Strategy. Remarkably, it is
found mostly in the context of the first pillar, corresponding to the better access to
digital content and, thus, mainly oriented to consumers. Territoriality of the rights
and their clearance could hinder end-users from acquiring content or accessing
content-based services from another MS. The digital environment enabled a variety
of services, which, on the other hand, fall short of availability because of the lack of
legal certainty. Three initiatives under the first pillar of the strategy have already
been adopted. They aim at combating unjustified geo-blocking in e-commerce, the
lack of access to digital services while outside of the home MS and the absence of
remedies for non-conformity of digital content.74 Copyright is, however, largely out-
side of the scope of these instruments. Consumer protection is addressed from the
contract law perspective and focuses mainly on purchasing and obtaining goods and
services.
Undoubtedly, exclusive rights under copyright come into contact with market
freedoms more often in the DSM than in the internal market of tangible goods. In
the absence of the influence from other fields of law (such as property law), copy-
right governs considerably more aspects of dissemination of digital goods and ser-
vices. The impact of copyright on the market freedoms shifted from distorting the
71
On the preceding reports, see Jütte (2017), pp. 79–89.
72
COM(2015), 192 final, p. 7.
73
Ibid, pp. 3–4.
74
Regulation (EU) 2018/302 of the European Parliament and of the Council of 28 February 2018
on addressing unjustified geo-blocking and other forms of discrimination based on customers’
nationality, place of residence or place of establishment within the internal market and amending
Regulations (EC) No 2006/2004 and (EU) 2017/2394 and Directive 2009/22/EC, OJ L 60I/1;
cross-border portability of online content services in the internal market, OJ L 168/1; Directive
(EU) 2019/770 of the European Parliament and of the Council of 20 May 2019 on certain aspects
concerning contracts for the supply of digital content and digital services. OJ L 136/1.
174 L. Oprysk
free movement of goods in the analogue internal market to hindering access and
disposal of works in the DSM. Prominently, the copyright protection rather than
technological capabilities restrains the acquisition and the consumption of a work
by end-users. While previously, the regulation of cross-border trade and parallel
importation was at stake, it is increasingly the reasonable expectations of consumers
which are contemplated.
Territoriality of the protected rights and their exhaustion, while still playing a
role in the DSM, is no longer of assistance to the EC or the CJEU in eliminating the
impediment to the DSM. Namely, export or import of copies is not a crucial concern
anymore, considering the way businesses operate and the absence of the bulk sale
online. The early references to the CJEU, in which the Community exhaustion was
articulated, were made in the context of the free movement of goods and the parallel
importation. While similar issues are unlikely to arise in the DSM, consumer expec-
tations became an increasingly debated area of concern.75
In the analogue world, the exhaustion principle was capable of mitigating mul-
tiple concerns by enabling a (relatively) free disposal of an acquired copy of a work,
thus facilitating the free movement of goods in the internal market. In the era of
digital dissemination and the DSM, the role and potential of the principle are
uncertain. In circumstances where technology enables pervasive control over the
distributed copies, and copyright endorses it, the exhaustion alone does not repre-
sent a comprehensive solution.
For instance, intermediaries distributing intangible copies of a work or providing
access to a work have a variety of technology-enabled instruments at their disposal
to control and restrict the acquisition and the use of a work. Given that employing
these technologies is protected under the copyright as Technological Protection
Measures (TPM), the exhaustion of the right to control the distribution in isolation
is not enough to facilitate a secondary market or enable further disposal of acquired
items.76 Still, complete inapplicability of the exhaustion to the digital environment
would be to the detriment of the DSM too.77
Another reason for exhaustion not being a perfect fit for dealing with the issues
of online dissemination, is possibly an arbitrary distinction between goods and ser-
vices in the DSM.78 The analogue internal market encountered conflicts with the
exclusive rights mainly in the context of the free movement of goods, while services
remained a somewhat grey area. The tendency has been to qualify most of the ways
of providing copyright-protected content online as a provision of services rather
than goods. A clear distinction has never been articulated, and it is safer for the
stakeholders to treat online dissemination as sui generis depending on the circum-
stances.79 The digital environment enables combining features typically associated
with the provision of both goods and services. Thus, qualification of the business
75
Guibault (2016), pp. 207–227.
76
More on the point in the context of e-books in Oprysk et al. (2017), pp. 133–135.
77
On the role of exhaustion for economic freedoms in the DSM, see Cistaro (2016), p. 134.
78
More on this aspect see Mysoor (2018), pp. 677–683.
79
Hojnik (2016), p. 83.
models operating online under one of the categories seems rather outdated. A fur-
ther discussion, however, is outside of the scope of this chapter.
Finally, yet importantly, as was briefly addressed in the previous section, even
the so-called technology-neutral approach to the exhaustion under the EU acquis
can be of detriment to the further development of the DSM. The approach is char-
acterised by the lack of flexibility which is required to fully embrace the potential of
technology. The wording of the exhaustion principle dates back to the analogue
dissemination and serves to achieve the objectives articulated at that time. Enabling
the “digital” exhaustion by forcing the legacy of the analogue framework upon the
online dissemination bears the danger of achieving less than possible in balancing
the copyright and consumer protection.
5 R
eference in Tom Kabinet and Future of the Digital Single
Market
The long-awaited reference for a preliminary ruling from the Dutch Court has
recently reached the CJEU.80 For the first time, the CJEU is asked to rule on the
applicability of the exhaustion to intangible copies and the scope of the right of
distribution online under the CPD. Besides the distribution right, the referring Court
also asks for a ruling on the right of reproduction for the subsequent disposal of a
copy, which is outside of the scope of this enquiry.
Essentially, the CJEU is asked whether a remote distribution of e-books at a price
ensuring a fair remuneration of copyright holders falls under the Art. 4.1 of the
CPD. If the question is answered in the affirmative, the next question is whether a
download for an unlimited time, which meets the conditions of the first question,
exhausts the right of distribution. These are precisely the questions that occupied the
scholars ever since UsedSoft.81 The judgment would cause profound consequences
regardless of the outcome. However, it would neither put the discussion nor the pos-
sibility to facilitate a potential secondary market to an end. If not for other reasons,
the ruling would become an important precedent on the extent of copyright protec-
tion online and the scope of the exclusive rights.
An affirmative answer to the questions would inevitably result in a lively debate
on the creation of a secondary market for digital copies. The latter, as has been dem-
onstrated in the previous section, is not a straightforward task and depends largely
on the vendor’s ability to circumvent the exhaustion of the distribution right by
applying TPM and/or exercising the rights other than distribution, such as the repro-
duction right. Nonetheless, the subsequent discussion would also largely depend on
the affirmative answer to the remaining questions on the right of reproduction.
80
CJEU, Nederlands Uitgeversverbond and Groep Algemene Uitgevers, Case C 263/18.
81
Among others, Schulze (2014), Savic (2015b) and Rosati (2015).
176 L. Oprysk
In addition, the affirmative answer would also trigger a further debate on the
reasonable expectations of consumers in light of the exhaustion of the right of dis-
tribution. Intermediary’s willingness to meet the expectations of the end-users could
become a key factor for developing business models matching the interests of both
right holders and consumers. Nevertheless, intermediaries also have the advantage
of being able to adapt to the changing circumstances, as observed after UsedSoft
judgment. Since the referring Court asks about the exhaustion solely in the context
of a copy provided on a time-unlimited basis, vendors could unilaterally change
their licensing model from a perpetual to a time-limited one. Much of the content
online is already distributed on a time-limited subscription-based basis. Accordingly,
the criteria of the exhaustion applicability, which is based on the duration of a
license, is serving neither the legal certainty nor consumer expectations.
On the contrary, answering the questions in the negative would eliminate the
exhaustion as the boundary of the exclusive distribution right from the tools for
creating the DSM. It certainly does not mean that denying the “digital” exhaustion
would put to an end any possibility of restricting the exclusive rights in the context
of online dissemination. Other instruments, such as consumer protection or compe-
tition law, could potentially be used for this purpose. Notwithstanding, the exhaus-
tion principle would be a more powerful tool, as it restricts the exercise of the
exclusive right by confining its boundaries. Furthermore, denying the exhaustion’s
applicability in the digital environment could foreclose further development in this
field or cause the stagnation in adapting the copyright to the digital age.
6 Conclusions
The CJEU ruling in the upcoming reference from the Dutch Court on the applicabil-
ity of the copyright exhaustion to online dissemination would become a landmark
case for the EU copyright acquis and an important one for the future of the copy-
right protection online. In addition, it would cause broad implications for other
fields of law and the current harmonisation efforts on the EU level. The transition to
the digital dissemination is on-going and so are the efforts to modernise the EU
legal framework to unlock the full potential of the DSM. In light of the exhaustion’s
role in enabling the analogue EU internal market, the upcoming reference provides
a chance to employ the concept to serve the DSM. Nevertheless, the implications
caused by the copyright online are different from that in the analogue world and
shall be accounted for.
While the ruling endorsing the application of the copyright exhaustion online
would contribute to the certain aspects of the DSM, namely the protection of rea-
sonable consumer expectations, it would not eliminate the challenges the DSM is
facing in this area in its entirety. The copyright aspect in isolation would not be
capable of resolving the difficulties in a way comparable to the analogue world.
Nevertheless, opting for denying the “digital” exhaustion altogether could deprive
the courts of a powerful instrument for balancing the divergent objectives of copy-
right protection. As seen in the aftermath of UsedSoft, the exhaustion’s applicability

did not severely affect the industry, but might even have encouraged further devel-
opment. Accordingly, the reference would be very timely and encourage further
discussion on the matter. Notwithstanding, it also bears a risk of resulting in a short-
coming by ruling on a specific aspect of online dissemination rather than developing
a comprehensive solution for resolving the conflict between the exclusive rights and
the objectives of the DSM.
References

Cistaro M (2016) The interface between the EU copyright law and the fundamental economic free-
doms of trade and competition in the digital single market: from the FAPL case to the decision
in UsedSoft. Queen Mary J Intellect Prop 6(2):133–153
CJEU, Aleksandrs Ranks, JurijsVasiļevičs v Microsoft Corp, Case C166/15, Judgment of 12
October 2016
CJEU, Art & Allposters International BV v Stichting Pictoright, Case C 419/13, Judgment of 22
January 2015
CJEU, Dansk Supermarked A/S v A/S Imerco, Case C 58/80, Judgment of 22 January 1981
Case C 78/70, Judgment of 8 June 1971
CJEU, EMI Electrola GmbH v Patricia Im- und Export and others, Case C 341/87, Judgment of
24 January 1989
CJEU, Musik-Vertriebmembran GmbH and K-tel International v GEMA, Joined cases C 55/80 and
C 57/80, Judgment of 20 January 1981
CJEU, Nederlands Uitgeversverbond and Groep Algemene Uitgevers, Case C 263/18
CJEU, Polydor Limited and RSO Records Inc. v Harlequin Records Shops Limited and Simons
Records Limited, Case C 270/80, Judgment of 9 February 1982
CJEU, UsedSoft GmbH v Oracle International Corp, Case C 128/11, Judgment of 3 July 2012
CJEU, VerenigingOpenbareBibliotheken v StichtingLeenrecht, Case C 174/15, Judgment of 10
November 2016
CJEU, Warner Brothers Inc and Metronome Video ApS v Erik Viuff Christiansen, Case C 158/86,
Judgment of 17 May 1988
Colby J (2017) Back-ups on non-original tangible copies do not benefit from the doctrine of
exhaustion. J Intellect Prop Law Pract 12(2):83–84
Commission Staff Working Document: A Digital Single Market Strategy for Europe - Analysis and
Evidence. Communication from the Commission to the European Parliament, the Council, the
European Economic and Social Committee and the Committee of the Regions. A Digital Single
Market Strategy for Europe SWD (2015), 100 final
Committee of Experts on a Possible Protocol to the Berne Convention. First Session. Questions
concerning a possible protocol to the Berne Convention Part II. (Draft). Memorandum prepared
by the International Bureau. BCP/CE/I/3 1991
Committee of Experts on Model provisions for legislation in the field of copyright. First Session.
Draft model provisions for legislation in the field of copyright. Memorandum prepared by the
International Bureau. III Comments on the draft model provisions for legislation in the field of
copyright. CE/MPC/I/2-III 1989
178 L. Oprysk
Economic and Social Committee and the Committee of the Regions, A Digital Single Market
Strategy for Europe COM(2015), 192 final
Cook T (2010) Exhaustion – casualty of the borderless digital era. In: Bentley L, Suthersanen E,
Torremans P (eds) Global copyright: three hundred years since the Statute of Anne, from 1709
to cyberspace. Edward Elgar, pp 354–366
Cook T (2015) The restricted act of making available and communication to the Public in the
European Union. J Intellect Prop Rights 20:60–66
Council Directive 92/100/EEC of 19 November 1992 on rental right and lending right and on cer-
tain rights related to copyright in the field of intellectual property, OJ L 346/61
harmonisation of certain aspects of copyright and related rights in the information society. OJ
L 167/10
property, OJ L 376/28
Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2009 on the legal
protection of computer programs (Codified version), OJ L 111/16
Directive (EU) 2019/770 of the European Parliament and of the Council of 20 May 2019 on certain
aspects concerning contracts for the supply of digital content and digital services. OJ L 136/1
Ficsor M (2002) The law of copyright and the Internet: the 1996 WIPO treaties, their interpretation
and implementation. Oxford University Press
Gallego BC (2003) The principle of exhaustion of rights and its implications for competition law.
Int Rev Intellect Prop Compet Law 34(5):473–502
Geiger C (2015) In: Stamatoudi I, Torremans P (eds) EU Copyright Law. Edwar Elgar
Geiregat S (2017) Digital exhaustion of copyright after CJEU judgment in Ranks and Vasiļevičs.
Comp Law Secur Rev 33(4):521–540
Gotzen F (1990) Distribution and exhaustion in the EC. Eur Intellect Prop Rev 12(8):299–303
Green Paper on Copyright and Related Rights in the Information Society. European Commission,
COM (95) 382 final
Griffiths J (2016) Exhaustion and the Alteration of Copyright Works in EU Copyright Law –
(C-419/13) Art & Allposters International BV v Stichting Pictoright. ERA Forum 2016.
Available via SSRN. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2784704
Guibault L (2016) Individual licensing models and consumer protection. In: Hilty R, Liu KC (eds)
Exploring sensible ways for paying copyright owners? Springer, pp 207–227
Hilty R (2015) “Exhaustion” in the digital age. Max Planck Institute for Innovation and Competition
Research Paper No. 15-09, 2015. Available via SSRN. https://papers.ssrn.com/sol3/papers.
cfm?abstract_id=2689518
Hojnik J (2016) Technology neutral EU law: digital goods within the traditional goods/services
distinction. Int J Law Inf Technol 25:63–84
Hugenholtz PB, van Velze SC (2016) Communication to a new public? three reasons why EU
copyright law can do without a “New public”. Int Rev Intellect Prop Compet Law 47:797–816
International Federation of the Phonographic Industry (2019) Key Statistics of 2018. Available via
IFPI. http://www.ifpi.org/global-statistics.php
Jehoram HC (1994) The EC copyright directives, economics and authors’ rights. Int Rev Intellect
Prop Compet Law 25(6):821–840
Jütte BJ (2017) Reconstructing European copyright law for the digital single market. Nomos
Verlagsgesellschaft
Karapapa S (2014) Reconstructing copyright exhaustion in the online world. Intellect Prop Q
4:307–325
Katz A (2014) The first sale doctrine and the economics of post-sale restraints. Brigham Young
Univ Law Rev 1:55–142
Leistner M (2015) Copyright at the interface between EU law and national law: definition of
“work” and “right of communication to the public”. J Intellect Prop Law Pract 10(8):626–637
Leistner M, Antoine L (2018) Exhaustion and Second-Hand Digital Goods/Contents. In: Heath
C, Kamperman Sanders A, Moerland A (eds) Intellectual Property Rights as Obstacles to
Legitimate Trade? Wolters Kluwer, pp 159–180
Linklater E (2014) UsedSoft and the big bang theory: is the e-exhaustion meteor about to strike? J
Intellect Prop Inf Technol Electron Commer Law 5(1):12–22
Linklater-Sahm E (2017) The libraries strike back: the “right to e-lend” under the rental and lend-
ing rights directive: VerenigingOpenbareBibliotheken. Common Mark Law Rev 54:1555–1570
Longdin L, Lim PH (2013) Inexhaustible distribution rights for copyright owners and the foreclo-
sure of secondary markets for used software. Int Rev Intellect Prop Compet Law 44(5):541–568
Lucas A (2010) International exhaustion. In: Bentley L, Suthersanen E, Torremans P (eds) Global
copyright: three hundred years since the Statute of Anne, from 1709 to cyberspace. Edward
Elgar, pp 304–320
Mysoor P (2018) Exhaustion, non-exhaustion and implied licence. Int Rev Intellect Prop Compet
Law 49(6):656–684
Ohly A (2018) The broad concept of “communication to the public” in recent CJEU judgments
and the liability of intermediaries: primary, secondary or unitary liability? J Intellect Prop Law
Pract 13(8):664–675
Opinion of AG on the case EMI Electrola GmbH v Patricia Im- und Export and others, C 341/87,
Opinion of 29 November 1988
Opinion on the proposal for a Council Directive on the legal protection of computer programs.
Economic and Social Committee 89/C 329/02
Oprysk L, Matulevičius R, Kelli A (2017) Development of a secondary market for e-books: the
case of Amazon. J Intellect Prop Inf Technol Electron Commer Law 8(2):128–138
Proposal for a European Parliament and Council Directive on the harmonisation of certain aspects
of copyright and related rights in the Information Society COM (97) 628 final
Quintais JP (2018) Untangling the hyperlinking web: in search of the online right of communica-
tion to the public. J World Intellect Prop 21(3-4):1–36
Ramahlo A (2014) Copyright law-making in the EU: what lies under the ‘internal market’ mask?
J Intellect Prop Law Pract 9(3):208–224
Rb Den Haag, NUV v Tom Kabinet, 12 July 2017, ECLI:NL:RBDHA:2017:7543
Records of the Diplomatic Conference on Certain copyright and neighboring rights. Draft Agreed
Statements concerning Treaty NO. 1 submitted by Main Committee I to the Conference, meet-
ing in Plenary.CRNR/DC/92 Corr. 1996
Records of the Diplomatic Conference on Certain copyright and neighboring rights questions
(1999) WIPO Publication, vol II, no 348
cross-border portability of online content services in the internal market, OJ L 168/1
Regulation (EU) 2018/302 of the European Parliament and of the Council of 28 February 2018
on addressing unjustified geo-blocking and other forms of discrimination based on custom-
ers’ nationality, place of residence or place of establishment within the internal market and
amending Regulations (EC) No 2006/2004 and (EU) 2017/2394 and Directive 2009/22/EC,
OJ L 60I/1
Rognstad OA (2014) Legally flawed but politically sound? Digital exhaustion of copyright in
Europe after UsedSoft. Oslo Law Rev 1:1–19
Rosati E (2015) Online copyright exhaustion in a post-Allposters world. J Intellect Prop Law Pract
10(9):673–681
Rubí Puig A (2013) Copyright exhaustion rationales and used software: a law and economics
approach to oracle v. UsedSoft. J Intellect Prop Inf Technol Electron Commer Law 4(3):159–178
Savic M (2015a) The CJEU Allposters Case: beginning of the end of digital exhaustion? Eur
Intellect Prop Rev 37(6):389–394
180 L. Oprysk
Savic M (2015b) The legality of resale of digital content after UsedSoft in subsequent German and
CJEU case law. Eur Intellect Prop Rev 37(7):414–429
Schovsbo J (2010) Exhaustion of Rights and Common Principles of European Intellectual Property
Law. Available via SSRN. http://ssrn.com/abstract=1549526
Schulze EF (2014) Resale of digital content such as music, films or eBooks under European law.
Eur Intellect Prop Rev 36(1):9–13
Sganga C (2018) A plea for digital exhaustion in EU copyright law. J Intellect Prop Inf Technol
Electron Commer Law 9(3):211–239
Slotboom MM (2003) The exhaustion of intellectual property rights: different approaches in EC
and WTO law. J World Intellect Prop Law 6(3):421–440
Spedicato G (2015) Online exhaustion and the boundaries of interpretation. In: Caso R, Giovanella
F (eds) Balancing copyright law in the digital age. Springer, Berlin, pp 27–64
Synodinou T (2012) The principle of technological neutrality in European copyright law: myth or
reality? Eur Intellect Prop Rev 34(9):618–627
Tjin Tai ET (2003) Exhaustion and online delivery of digital works. Eur Intellect Prop Rev
25(5):2017–2211
Westkamp G (2007) Intellectual property, competition rules, and the emerging internal market:
some thoughts on the European Exhaustion Doctrine. Marquette Intellect Prop Law Rev
11(2):291–335
CRNRIDC/94
WIPO Performances and Phonograms Treaty S. Treaty Doc. No. 105-17, 36 ILM 76 (1997)
Wolk S (2017) CJEU holds that reproduced copies cannot be resold. Eur Intellect Prop Rev
39(2):125–126
Yusuf A, von Hase AM (1992) Intellectual property protection and international trade – exhaustion
of rights revisited. World Compet 16(1):115–131
Part II
Emerging Technologies and New Digital
Challenges
Chapter 8
Spoilers Under European Internet Law
Philippe Jougleux
Abstract This chapter discusses the legal framework of “spoilers”, defined here as
the revelation of elements of a plot of a piece of fiction that the public is not yet
aware of. The author distinguishes between “relative spoilers”, i.e., information
about an already published work of mind, and “absolute spoilers”, i.e., information
about a non-published work of mind. In the first part, it is argued that relative spoil-
ers do not raise any liability as the person who publishes the spoiler is protected by
freedom of expression. However, the question of moderation touches on sensitive
legal issues related to the need to enforce a stronger horizontal effect of freedom of
expression on the Internet. The second part focuses on the “absolute spoiler” and
considers it as a form of information theft that is nowadays regulated by the Directive
on trade secrets. In the third and last part of the chapter, the author shows how, alter-
natively, copyright law could be of use in guarding against both relative and abso-
lute spoilers.
1 Introduction
In the Internet society, people vote, comment, post, value, like, dislike, rate, follow
and tweet. This enormous amount of information is mainly based on subjective
values. Such communication, being an expression of the personality of the person
concerned, also represents an indication to others on what to see, what to watch or
what to read. For better or worse, everybody becomes an art critic. However, how
can we talk or write about a movie, a TV show or a book without explaining it and
without revealing what we liked or not? There is a great temptation to explain the
plot, the mysteries, the big secret and all of these mechanisms of suspense the author
had inserted into the story, to arouse the interest of the reader or the viewer. This
phenomenon is commonly described as spoiling the movie, on the assumption that
the revelation will “spoil” all of the interest in the movie or book.
P. Jougleux (*)
School of Law, European University Cyprus, Nicosia, Cyprus
e-mail: p.jougleux@euc.ac.cy

https://doi.org/10.1007/978-3-030-25579-4_8
184 P. Jougleux
New practices have appeared, such as the indication on the title of an article that
certain information will be revealed, by adding the expression “spoiler alert”. From
a legal aspect, however, this question poses some new challenges that have not
really been explored in detail yet by the doctrine. In a global entertainment system
with simultaneous broadcasting of the most popular TV shows worldwide, a spoiler
would potentially inflict huge economic damage on the right holders on the one
hand, as the interest in the show will be diminished, and moral damage on the users
on the other hand, as they are no longer in a position to fully appreciate the immate-
rial good. Furthermore, the legal issues posed by the spoiler offer a great opportu-
nity to reassess and discuss the evolutions of fundamental principles related to
regulation of the Internet, such as the extent of freedom of expression or the protec-
tion of information.
To better understand the legal issues related to spoilers, two categories of spoilers
have to be distinguished. The first scenario concerns sensitive information about a
work of mind that has already been published or broadcast (Sect. 2). The informa-
tion discloses an important part of the story, but the source of the information
enjoyed legal access to it, whereas the public may or may not have had the opportu-
nity to access it. In this case, the spoiler can be described as a “relative spoiler”.
While there is, on the face of it, no doubt that a relative spoiler should be covered by
the human right of freedom of expression, its existence and its boundaries offer a
great opportunity to discuss its effectiveness on the Internet.
The second category of spoiler could, on the other hand, be defined as an “abso-
lute spoiler”. It concerns the publication of sensitive information about a work of
mind that has not yet been published or broadcast. Subsequently, the hypothesis of
a piece of information about a non-published work, or “absolute spoiler” will be
analysed. This situation is deemed to activate various legal protection mechanisms
covering confidential information, mainly the protection of trade secrets (Sect. 3).
However, it is also possible that copyright law could prove to be a useful legal
instrument used against spoilers in certain circumstances (Sect. 4).
2 L
egal Aspects of the “Relative Spoiler”: The Impossible
Protection
Legal frameworks of extra-contractual liability—either torts or civil liability—fail

to effectively protect the victim of a relative spoiler (Sect. 2.1). The rationale behind
this is the protection of freedom of expression (Sect. 2.2). However, the extensive
use of contract law in the digital environment might change this equilibrium (Sect.
2.3).
8 Spoilers Under European Internet Law 185
2.1 T
heoretical Background on Information
from a Civil Law Aspect
From the point of view of the law of obligations, would it be possible for someone
to be liable for the act of disclosing a spoiler to another person? This issue is not
related to honour, privacy or false statement, where legal protection mechanisms are
traditionally recognised. As a form of negligent statement, would it be possible to
argue that the “spoiling person” has breached a legal or common law duty to refrain
from publishing spoilers, from a common law perspective? No such duty exists for
the moment and even if it did exist, the tort of negligence would also presuppose the
existence of a close relationship. Specifically regarding negligent statement, the
Hedley Byrne case law1 establishes a number of very strict conditions: the declarant
must be a specialist, he must have known that the other person will have confidence
in his expertise and he must accept the possibility of incurring liability. This leads
to the conclusion that spoiling persons cannot be sued for negligence.
Even if the spoiler is intentional, in the sense that the spoiler is told to a specific
person, with the aim of ruining the entire movie or book experience, this would fall
within the legal framework of intentional infliction of emotional distress. However,
this tort is rarely used and for instance in the UK, the Supreme Court recently had
the occasion to limit its application solely to cases where lies are told.2
This reasoning also applies in civil law countries. Extra-contractual liability in
civil law countries is not limited to acts or omissions and should in theory also apply
to statements. However, in practice, this encounters huge difficulties.
Characteristically, in France, a decision of the Supreme Court in 20053 expressly
halted any effort to base liability for statements on the general rule of delict liability.
In this case, a newspaper published a fiction about a real tragedy, describing in great
detail the characters and feelings of the protagonists. The Court of Appeal consid-
ered that there was no element of violation of privacy. However, the Court found the
newspaper guilty on the grounds of Article 1382 of the Civil Code on extra-
contractual liability for fault. The Supreme Court did not follow this reasoning and
established the principle that “According to section 1382 of the Civil Code; Abuse
of freedom of expression against persons cannot be used as grounds for legal action
on the basis of this text”.4 This decision has been confirmed as a new piece of
Supreme Court case law by following decisions previously made,5 although s cholars
1
Hedley Byrne & Co Ltd v Heller & Partners Ltd (1964) AC 465 (HL).
2
Rhodes v OPO [2015] UKSC 32.
3
Cour de Cassation, Chambre civile 1, du 27 September 2005, 03-13.622, Publié au bulletin 2005
I N° 348 p. 289.
4
“Vu l’article 1382 du Code civil; Attendu que les abus de la liberté d’expression envers les per-
sonnes ne peuvent être poursuivis sur le fondement de ce texte”.
5
See for instance Cour de Cassation, 1 re ch. civ. 2013, Comité du débarquement c/ Mme X. et
AspEG.
186 P. Jougleux
do not unanimously agree on this change, since the Court does not base its logic on
any specific text that would explain this solution.6
Therefore, both in common law and civil law systems, only contract law, by
means of a non-disclosure agreement, can create an obligation of silence between
two persons. Furthermore, although the possibility of extra-contractual liability for
fault was accepted for the publication of a “relative spoiler”, the question of assess-
ing the extent of damages would be far from clear. While courts traditionally pos-
sess a vast degree of discretion in terms of asserting the emotional distress suffered
by the plaintiff, some research seems to prove that the victims of spoilers tend to
appreciate the story to a greater extent than they would if they had not read the
spoiler.7 This is explained by the idea that, once they are aware of the big secret
harboured by the story, the reader or viewer will try to find some hints of it as a kind
of game in the previous chapters.
2.2 T
he “Relative Spoiler” Protected by Freedom
of Expression
If civil law does not offer extra-contractual solutions to protect the user’s interest to
fully enjoy a work of mind, the explanation can be found in freedom of expression
and the jurisprudential interpretation of Article 10 of the European Convention on
Human Rights (ECHR). Even if, from a European perspective, freedom of expres-
sion is not recognised as an absolute human right, extensive case law built up by the
European Court of Human Rights (ECtHR) indicates that interference with freedom
of expression is accepted only based on the cumulative application of three condi-
tions: the interference has to involve a legitimate purpose, prescribed by law and
necessary in a democratic society. Article 10 (2) of the ECHR lays down a list of
legitimate interferences. In terms of the scope of this analysis, the most relevant part
of this list is the indication of confidential information as a legitimate interest. In
other words, only if the information is confidential in nature (i.e., the case of the
“absolute spoiler”, not the “relative” one) it would be possible to take legal action
against its publication.
Characteristically, in the “Observer and Guardian”8 case of 1991, the European
Court had to decide whether gagging orders issued against the publication of quotes
from a book named “Spycatcher” would be legitimate. The book described the life
of a secret agent and potentially revealed secret defence information. The Court
ruled that while the injunction would have been legitimate before the publication of
the book, from the moment the book was published in the United States of America
(USA), the information had lost its confidentiality. Before the publication of the
6
Derieux (2014). See at the opposite, Latil (2014).
7
See Kiderra (2011).
8
ECHR, Observer et Guardian, App No 13585/88, 26 November 1991.
book “Spycatcher” in the USA, national security interests would have prevailed and
the gagging order would have been legitimate; afterwards, however, the information
had lost its confidentiality, and therefore freedom of expression would prevail.
2.3 T
he Controversial Use of Contract Law
as a Censorship Tool
Consequently, no liability arises from the publication of “relative spoilers”, since

the latter are protected by the human right of freedom of expression. However, self-
regulation could constitute a solution to this, through the adoption, for instance, of
ethical measures. In other words, once more in the case of Internet law, intermediar-
ies are called upon to give an answer to this issue. This is characteristic of how most
content-hosting services have implicitly evolved into content editors. For instance,
the most popular TV shows are nowadays imported from the USA. The TV show is
simultaneously broadcast on European channels, but this unavoidably means the
new episode will be broadcast at around 2 am. Even if the public opts for broadcast-
ing the next day, journalists will have already had access to it. Spoilers in the form
of pictures from the movie, click bait titles and, of course, all spoiler articles will
then submerge social media and news aggregators. Users will find it impossible to
avoid spoilers and the only solution would therefore be to apply a kind of
moderation.
Private initiatives for the creation of an ethical code governing spoilers have
multiplied in recent years. This code usually first proposes a “Fair warning” (the
indication “spoiler alert” in the title, for instance), combined with a “three-year
test”.9 Three years after the first publication of the work is long enough to consider
that the information is “safe” to reveal to everyone. These codes are obviously not
enforceable by themselves. However, they can be adopted by a service provider as
part of its terms and conditions. Curiously, contract law is in this case being updated
to have the role of a moderation tool.
Incidentally, the validity of this “contract law approach to Internet expression”
leads on to the issue of its horizontal effects. Indeed, regarding “relative spoilers”,
adopting a practical approach, the question is whether the Internet hosting service
can or even must moderate the spoiling comment. The ECtHR has already admitted,
on a case related to freedom of expression, that the human rights protected by the
Convention apply not only to the relationship between the State and its citizens, but
also between citizens themselves.10 This corresponds to the indirect horizontal
effect of the Convention’s theory,11 which is consecrated by the use of the mecha-
nism of a positive duty. In other words, under certain circumstances (and not
9
See Bartz and Ehrlich (2012).
10
Fuentes Bobo c. Espagne, no 39293/98, 29 Février 2000.
11
See Bioy (2012).
188 P. Jougleux
s ystematically), it is held that Member States have a positive duty to protect the
application of freedom of expression between individuals.
Is the abuse by the hosting service of the right to moderate the service concerned
by its application? Is it illegal for a content-hosting service, applying its term and
conditions, to delete a spoiler (and sometimes, by extension, to terminate the con-
tract with the user, closing his or her account)? In the case Appleby and Others v
UK,12 in relation to the refusal by a company to install a stand, the ECtHR decided
that Member States had no positive duty to enforce freedom of expression in this
situation, since a positive duty here would violate the right to property (Art.1 of the
First Additional Protocol of the ECHR). By extension and extrapolating on this
case, the right to property of the hosting service on its server would justify some
messages being moderated if they violate the contractual terms of the service.
This situation leaves a lot of discretionary powers to the hosting service. In prac-
tice, the problem of the horizontal effect of freedom of expression leads to a severe
limitation of its protection, as the major part of online media expression is managed
by the private sector.13 On the other hand, the ECtHR has recently accepted the right
of access to information as a part of freedom of expression.14 Furthermore, the free-
dom to receive information—does not extend only to reports of events of public
concern, but also covers cultural expressions and entertainment.15 From this per-
spective, therefore, the moderation of messages would constitute a violation of the
freedom to receive information, if it is not justified by the illegality of the informa-
tion… or a violation of the contractual terms of service.
However, contract law can be an uncertain tool for arbitrating this discussion and
its use may, paradoxically, turn against the hosting service company. On the one
hand, a violation of the terms of service is deemed sufficient grounds to delete the
comment and to close the account. On the other hand, it could be asserted that every
message that is not clearly in breach of the legislation should remain on the server,
thanks to the application of the mechanism of implied terms of contract law. The
recent French case regarding the famous painting “l’ Origine du monde” (Gustave
Courbet, 1866), which shows a close-up view of the genitals and abdomen of a
naked woman, is characteristic of this problem. A French teacher had posted a pic-
ture of the painting on his Facebook account and the company closed it for violating
the social network's rules barring nudity. The teacher protested and claimed it was a
form of censorship. The French court ruled on 15 March 2018 that Facebook failed
to fulfill its contractual obligations towards the user, since it deactivated the account
“without giving Frédéric Durand a reasonable period of notice and without specify-
ing the reasons for this deactivation”.16 Therefore, while no violation of freedom of
expression per se was found, freedom of expression was indirectly protected, thanks
to the application of contract law.
12
ECHR, Appleby et autres v Royaume-Un, App No 44306/98, 24 September 2003.
13
See Hartmann (2013).
14
See Bychawska-Siniarska (2017).
15
ECHR, Khurshid Mustafa and Tarzibachi v Sweden, App No 23883/06, 16 March 2009.
16
See Stapley-Brown (2018).
Applying these findings to “relative spoilers”, it is possible to conclude first that

although they do not give rise to liability, the spoiler’s author is not however pro-
tected against private censorship. This issue is still uncertain, since the legal mecha-
nism of implied terms could be used by the courts as a safeguard against the broad
discretionary powers left to private companies on the freedom of expression online.
3 L
egal Aspects of the “Absolute Spoiler”: A Case
of Information Theft
The problem of the absolute spoiler forms part of the thorny issue of the protection
of confidential information. While the traditional answers to this questionnaire were
vague and incomplete (Sect. 3.1), the new Directive on trade secrets17 lays down a
serious basis for greater legal certainty (Sect. 3.2).
3.1 Information Protection in the Digital Age
From a property law point of view, the question at stake is that of information
defined as a good. This discussion is not novel. For instance, the French scholar
Prof. Catala already proposed it in the early 1980s.18 All the theory of ownership of
information presupposes that there is a form of possession of the information or, in
other words, a de facto monopolistic control over it. In the case of “relative spoil-
ers”, the information has already been communicated to the public. Any form of
exclusive possession has, therefore, been lost. However, in the case of “absolute
spoilers”, the question of ownership should be considered, since the confidentiality
of the information has to be interpreted as a form of possession.
Various legal frameworks have been created to protect information in specific
cases. In this discussion, legal scholars mostly criticise19 the contentious European
protection of the database maker by the database sui generis right.20 Furthermore, in
its 2017 Communication on “Building a European Data Economy” the Commission
introduced the perspective of creating, at European Union (EU) level, a ‘data pro-
ducer’s right’ that would protect industrial data against the world.21 However, the
17
Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 of the
protection of undisclosed know-how and business information (trade secrets) against their unlaw-
ful acquisition, use and disclosure, OJ L 157.
18
See Catala (1984).
19
See Trosow (2005).
20
protection of databases, OJ L 77.
21
Communication from the Commission to the European Parliament European Commission, the
Council, the European Economic and Social Committee and the Committee of the Regions,
Building a European Data Economy COM (2017) 9 final.
190 P. Jougleux
confidentiality of information, from a civil law perspective, has never been enough
for the courts to be convinced of the need to apply a general property law mecha-
nism. The law of obligations is used to protect the confidentiality of information
against wrongful curiosity, using various mechanisms, according to the legal tradi-
tion of each country. First, every country recognises that certain specific duties of
confidentiality apply to specific categories of professionals. Subsequently, in com-
mon law countries, the tort of breach of confidential information could be of use.
For instance, the case of Douglas v Hello! Ltd22 discussed the legality of unauthor-
ised photography of the wedding of two public personalities. It should be noted that
in this case, there was strict security in place at the event and no guests were allowed
to take photographs: the event was closed to the media and guests were told to sur-
render any equipment which could be used to take photographs. The court stated
that for a breach of confidence to occur, certain requirements have to be met: the
information must have “the necessary degree of confidence about it”; the informa-
tion is provided in circumstances importing an obligation of confidence; there is an
unauthorised use or disclosure of that information; and there must be a risk of dam-
age. However, this tort acts as an exception, and in principle, intangible property
cannot be the subject of a claim for the tort of conversion.23
In the same way, in civil law countries, an incomplete and uncertain protection
of confidential information can be found in the doctrine of unfair competition, and
specifically, in the notion of parasitism” or “free riding”. The civil claim of parasit-
ism is founded on the general legal framework of extra-contractual liability for fault
and does require a relationship of competition to exist between the claimant and the
defendant. It is merely necessary to prove the wrongful “acquisition” of reputation
or wealth. For instance, in France, a case was based on the visual appropriation of
distinctive elements of one luxury goods company by another company in its adver-
tisements (reference to a live panther, black and red jewellery, and use of mainly
black and red colours). The Paris Court of Appeal stated that freedom of expression
is not absolute and that the use of unfair methods to take advantage of a person’s
reputation gives rise to extra-contractual liability.24 Although the theory of parasit-
ism does not technically create a property right, it offers all the attributes of a
monopolistic control over information.25
Extrapolating on this idea, it could be possible to claim that a company that
mainly earns its income from the publication of “absolute spoilers” is in fact in a
position of parasitism, which is harmful to the producers of the show, as its subsis-
tence is based solely on exploitation of the show’s reputation.
22
Douglas v Hello! Ltd [2005] EWCA Civ 595.
23
OBG Ltd v Allan [2007] UKHL 21.
24
Cour d’Appel de Paris, n° 13/08861, 21 Octobre 2015.
25
See Vivant (2006).
3.2 Trade Secrets Directive and Civil Liability
Until recently, the EU legal framework covering the protection of secrets was largely
fragmented. At international level, however, the Agreement on Trade-Related
Aspects of Intellectual Property Rights (TRIPs)26 between all the member nations of
the World Trade Organization creates a positive obligation for members to protect
undisclosed information.
Article 39 states that: “1. In the course of ensuring effective protection against
unfair competition as provided in Article 10bis of the Paris Convention (1967),
Members shall protect undisclosed information in accordance with paragraph 2 and
data submitted to governments or governmental agencies in accordance with para-
graph 3.
2. Natural and legal persons shall have the possibility of preventing information
lawfully within their control from being disclosed to, acquired by, or used by others
without their consent in a manner contrary to honest commercial practices so long
as such information:
(a) is secret in the sense that it is not, as a body or in the precise configuration and
assembly of its components, generally known among or readily accessible to
persons within the circles that normally deal with the kind of information in
question;
(b) has commercial value because it is secret; and
(c) has been subject to reasonable steps under the circumstances, by the person
lawfully in control of the information, to keep it secret.
3. Members, when requiring, as a condition of approving the marketing of phar-
maceutical or of agricultural chemical products which utilize new chemical entities,
the submission of undisclosed test or other data, the origination of which involves a
considerable effort, shall protect such data against unfair commercial use. In addi-
tion, Members shall protect such data against disclosure, except where necessary to
protect the public, or unless steps are taken to ensure that the data are protected
against unfair commercial use.”.
At the EU level, this obligation has been firmed up in the new Trade Secrets
Directive (the “TS Directive”) that aims to correct the disparity between different
national protection systems, based on the assumption that the latter would interfere
with the single market. Although Member States were already bound by Art. 39 of
TRIPS to implement a minimum level of protection of confidential information,
there was great deal of interest in European harmonisation, since the national legis-
lations differed greatly in practice.27
26
299, 33 I.L.M. 1197 (1994).
27
See Knaak et al. (2014).
192 P. Jougleux
Under the TS Directive, a trade secret must fulfill three conditions to obtain pro-
tection: the information must be secret, it must be valuable because of its secrecy
and the holder of the secret must have taken reasonable steps to protect it from dis-
closure.28 It is unlikely that the European law makers had the specific case of spoil-
ers in mind when the Directive was adopted. However, if the spoiler corresponds to
each one of these three requirements, on what grounds should protection be with-
held? The spoiled information is by definition a secret. However, is it valuable and
have reasonable steps been taken to protect it? What constitutes reasonable action to
protect the story of a movie or a TV show?
A relatively close circle of individuals (the actors, the creator, the producer)
knows about the movie’s story and this should cover the first requirement. Regarding
the third requirement, it is worth highlighting the fact that the actors and the staff are
usually bound by a non-disclosure agreement. Moreover, practical security mea-
sures are often taken to protect this secret: for instance, in the Game of Thrones TV
show, even false scenes were filmed,29 in the Terminator Salvation movie false spoil-
ers were even prepared,30 and in the case of recent plays in the United Kingdom
(UK), the National Theatre refused to reveal details of the plot before the premiere.31
The existence of a non-disclosure agreement binding the staff should be enough to
demonstrate the will to protect secrecy. Furthermore, nowadays there is a growing
number of initiatives to protect secrecy with the creation of false endings or the
disclosure of false spoilers. The second requirement is closely related to the third, if
a subjective perspective is used: the existence of reasonable steps to protect the
information should be enough to presume the value held by the information. For
instance, costly manoeuvers intended to give false spoilers to journalists and to fans
demonstrate in themselves the value the show creator places on the secrecy of the
plot. The value of a spoiler can also be deduced from the revenue obtained by its
disclosure: online publishers recognise that headlines concerning spoilers attract
more traffic to their sites.32
Therefore, in the author’s opinion, a TV show story should be seen as a trade
secret for the purpose of application of the TS Directive. Consequently, under Art. 4
of the Directive, the following are characterised as illegal: the breach of a confiden-
tiality agreement or any other duty not to disclose trade secrets; the breach of a
contractual or any other duty to limit the use of trade secrets; and the unlawful
acquisition of trade secrets. Unlawful acquisition is defined either as unauthorised
28
Art. 2.1 of the Directive: (1) ‘trade secret’ means information which meets all of the following
requirements: (a) it is secret in the sense that it is not, as a body or in the precise configuration and
assembly of its components, generally known among or readily accessible to persons within the
circles that normally deal with the kind of information in question; (b) it has commercial value
because it is secret; (c) it has been subject to reasonable steps under the circumstances, by the
person lawfully in control of the information, to keep it secret”.
29
See Hooton (2017).
30
See Hart (2009).
31
See Lawson (2012).
32
As interviewed by the journalist of the Wired—see note above.
access (access without the trade secret holder’s consent) to digital or non-digital
documents containing the secret, or as any conduct contrary to honest commercial
practices.
The most interesting part of the new legal framework can be found in Art. 4.4 of
the TS Directive. Article 4.4 adds as a cumulative condition that liability arises only
if the individual “knew or ought, under the circumstances, to have known” the
unlawful nature of the acquisition. This means that the protection is not limited to a
personal interest, but the Directive offers a more extensive protection which could
be seen as a kind of property interest, as it extends to third parties. In other words,
whenever a third party ought to know that the acquisition of a trade secret is unlaw-
ful, he or she also becomes liable for any unlawful use he or she might make of it.
The TS Directive encompasses a large number of safeguarding measures which
are intended to protect freedom of expression. Indeed, the new legal arsenal cover-
ing protection of trade secrets should be enforced only in light of the principle of
proportionality. In the author’s opinion, it excludes from such protection spoilers of
minimal interest (such as information on which actor plays what character, how
they play, the role or the general theme of a movie). At the opposite end of the scale,
protection against spoilers that cause substantial damage to the exploitation of the
movie/TV show/book, as these spoilers reveal an important plot twist, passes the
test of the principle of proportionality.
4 Spoilers and Copyright Law
Although traditionally copyright law does not protect simple information, it is now-
adays impossible not to “acknowledging the tendency towards a privatisation of
information through copyright”.33 This tendency also applies to spoilers, through
various mechanisms: a provocative use of moral rights (Sect. 4.1) and an extensive
interpretation of the right of reproduction (Sect. 4.2).
4.1 Moral Rights of the Author and Enjoyment of the Work
Ultimately, spoilers are wrong because they seriously undermine the user’s experi-
ence. By losing the element of surprise from a cliffhanger, a surprise death or an
ending, the user’s relationship with the work has been altered. At this point, it could
be useful to analyse this situation from a copyright law perspective. The author of a
copyright-protected work is granted the protection of moral rights. The Berne
Convention34 recognises the moral right of paternity and the right to protect the
Geiger (2009).
33
34
amended on 28 September 1979).

194 P. Jougleux
integrity of the work. This right has been extensively discussed in the past before the
courts and it can be ascertained that ultimately, it protects not only the work itself,
but also the expected perception of the work by the user. In other words, even if
there is no addition to, deletion from, alteration to or adaptation of the work from a
narrow perspective, in various countries the courts have also accepted as a form of
violation of the integrity of the work, the mere changing of the intended presenta-
tion of the work. In this case, the alteration is not objective, but subjective. Certain
interventions in the work, such as multiple advertisements on TV that cut the movie
into different parts35 or the location of a sculpture that was intended to be seen by
the public in a specific place,36 while not really altering the work of mind stricto
sensu, alter the way in which the work is perceived by the public. In these situations,
the courts have not hesitated to award damages to the author of the work on the
grounds of a violation of the right to protect the integrity of the work. For instance,
in Germany, there is a violation of the right to integrity when the general impression
of the work is altered.37 Characteristically, it was held that “The protection of the
author of a work of architecture by the copyright right of integrity is directed not
only against artistic deterioration, but also against other distortions of the essence of
the work in the form as it is presented to others.”.
Furthermore, in some countries, additional moral rights are recognised, such as
the right to disclosure of the work.38 This right is far from harmonised at EU level.
When this right is granted, it prohibits third parties from disclosing the author’s
works to the public without his authorisation. The publication of substantial ele-
ments of the story could be seen as a partial disclosure of the work itself in some
circumstances.
35
See in France: Tribunal of First Instance of Paris, 29 May 1989, RIDA January 1990, p. 353. Of
course, as an Italian court points out, it is not the principle of the advertisement cut that is illegal
per se. It is on a contrario perspective the effect of the cuts considering the quality of the movie and
the duration and the number of the advertisements. See Rome Court of Appeal, 16 November
1989, Germi v Reteitalia and Rissoli Film, RIDA 1990, no 144, p. 184.
36
See in Spain, Judgment of 18 January 2013 issued by the Plenary of the Judges of the Civil
Chamber of the Supreme Court, when the renowned sculptor Andrés Nagel sued the city hall of the
Spanish city of Amorebieta when the latter decided to move a work of art from its initial place-
ment. Here again, the judges adopted an a contrario position: the relocation itself does not violate
the right to integrity per se. It violates the author’s right only assuming that the relocation “substan-
tially interferes in interpretation of the work.” For further details, see Abogados (2013).
37
BGH GRUR 1999, 230, 232—Treppenhausgestaltung.
38
The right is expressly stated in Belgium, France, Germany, Greece and Spain as an independent
moral right. Some countries, for instance Austria, do not distinguish it from economic publication
right. At the opposite, it does not exist at all in Ireland, Luxembourg, Netherlands, Portugal and
Cyprus. Source: Salokannel and Strowel (2000).
4.2 T
he Right of Reproduction and a Detailed Summary
of the Work
It has been noted that copyright law infringement is used in practice by movie dis-
tributors to protect themselves against spoilers. For instance, when Season 6 of the
popular TV show “The Walking Dead” ended on a cliffhanger, a fan site claimed
that it knew (from an internal source) the name of the protagonist who died and that
it would publish it. The producer then used an injunction for violation of copyright
law (and also for violation of trade secrets!).39
Two legal issues have to be examined to determine whether the disclosure of a
key element of a screenplay constitutes a violation of the right of reproduction.
Firstly, does the publication of a detailed summary form part of the author’s artistic
expression or is it just a piece of information, which is not protected by copyright
law? Secondly, is the publication of a detailed summary substantive enough to con-
stitute a reproduction of the work?
The first issue is often under-analysed and implicitly covered by the second issue
as part of the question of assessing the originality of the work. Some scholars, how-
ever, support the idea that this approach should not automatically be accepted, as
some very short expressions (the author uses the expression “microworks”) can be
original, but without the characteristic substance of a work.40 Reproduction is very
broadly defined at an EU level by the Information Society Directive.41 Even partial
reproduction is a form of reproduction, without however any references in relation
to the extent of the reproduction. The Court of Justice of the European Union
(CJEU), therefore, highlights the fact that an original part of the work should be
copied for the right of reproduction to be infringed. In the landmark Infopaq case,
the Court admitted that originality may be found in a quotation comprising just 11
words.42 The situation of spoilers is, however, different, as the short text of the
spoiler is not itself part of the final work. It is a detailed summary of an unpublished
work (in the case of “absolute spoilers”).
The American injunctions against spoilers mentioned above cited the precedent
of the “Twin Peak Productions” case.43 In this case, some fans had published a guide
to the TV show “Twin Peaks” with detailed summaries of the (past) episodes,
including direct quotations. The Court ruled that this book was a derivative work. It
39
See Siabon (2016).
40
See Hughes (2005).
41
harmonisation of certain aspects of copyright and related rights in the information society. Article
2 defines the right of reproduction as the “the exclusive right to authorise or prohibit direct or
indirect, temporary or permanent reproduction by any means and in any form, in whole or in part”
of the work of mind.
42
CJEU, Infopaq International A/S v Danske DagbladesForening, C 5/08, Judgment of the Court
(Fourth Chamber) of 16 July 2009.
43
Twin Peaks Productions, Inc v Publications International, Ltd, Louis N Weber, Scottknickelbine,
and Penguin USA, Inc, 996 F.2d 1366 (2d Cir. 1993).
196 P. Jougleux
is not obvious however that this case may apply to spoilers, as the facts of the case
concern a whole book, not just a plot summary.
Another relevant case shows how the idea of reproduction is currently inter-
preted in a way that could even include spoilers. In a German case related to the
famous Harry Potter books series, the court was called upon to decide whether an
educational book about introduction to reading could be based on the world appear-
ing in the general story of the Harry Potter books. The court used an interesting
argument to determine whether there was infringement. It ruled that from the
moment that reading the original book was mandatory for the reader of the disputed
work to be able to understand it, this work lacked the character of independence and
that there was therefore an infringement.44 It is possible to distinguish a contempo-
rary trend towards a more extensive interpretation of the right of reproduction that
includes reference to the concept of the work without citing the work per se. In the
UK, in the recent and heavily discussed “Red Bus” case,45 infringement was found,
although it was proved that the disputed photography was different from the photog-
raphy owned by the claimant. Characteristically, the evolution in the protection of
fictional characters is very explicit. While the character of Sherlock Holmes was
found by a German court in 1957 not to be original,46 a US Court of Appeal recently
confirmed that “copyright on a “complex” character in a story, such as Sherlock
Holmes or Dr. Watson, whose full complexity is not revealed until a later story,
remains under copyright until the later story falls into the public domain”.47
These developments have to be balanced with the use of the principle of propor-
tionality. In theory, copyright law would apply to both the situations of “relative”
and “absolute” spoilers. However, “relative spoilers” would have more chance of
being “saved”, by reference to freedom of expression, which is used here as an
exception to the right of reproduction. It is established that copyright law per se
represents an interference with the freedom of expression48 and the national courts
do not hesitate to invoke Art. 10 of the ECHR to prevent the extensive use of copy-
right law in a way that would unreasonably limit freedom of expression.49
5 Conclusion
A legal discussion about spoilers could be seen at first sight as superficial. For most
people, this annoying phenomenon does not merit the attention of the courts.
However, the article aimed first, to defend the view that a discussion about spoilers
44
LG Hamburg, 12.12.2003, 2004 GRUR-RR 65, Neue JuristischeWochenschrift, 2004, p. 610.
45
Temple Island Collections Ltd v New English Teas Ltd & another [2012] EWPCC 1.
46
BGH, 15.11.1957, 1958 GewerblicherRechtsschutw und Urheberrecht [GRUR] 354.
47
Leslie Klinger v Conan Doyle Estate, US Court of Appeals, No 14-1128 (7th Cir. 2014).
48
See ECHR (5th section), Ashby Donald and others v France, App No 36769/08, 10 January
2013.
49
See in Holland, Louis Vuitton v Nadia Plesner, District Court of the Hague of 4 May 2011.
would add further substance to the contemporary discussion on the scope and the
boundaries of online freedom of expression. We have therefore examined how free-
dom of expression is used as a tool to block civil liability for fault, but at the same
time how contractual liability has emerged as an empowering tool of censorship in
the hands of online intermediaries. The discussion then focused on the specific situ-
ation of “absolute spoilers”. The author linked the issue of protection against spoil-
ers to the broader question of ownership of confidential information. This classic
but very contentious topic has recently re-emerged with the adoption of the European
Directive on Trade Secrets. The chapter showed how the new legal framework opens
up the possibility of protecting the plot of a story against spoilers. The last part of
the chapter was devoted to the possibility of applying copyright law. While at first
surprising (since copyright law does not protect mere information), this choice was
explained with reference to the moral right to protect the integrity of a work of mind
and to the economic right of reproduction.
In conclusion, a partial protection against spoilers exists. This protection appears
to be based on simultaneous reference to the protection of trade secrets and to copy-
right law infringement. This new value of the story plot and the related growing
annoyance posed by spoilers also reveal a great deal from a societal perspective
about the relationship of the public with works of art. Traditionally, knowing the
entire story would not diminish the value of a work. In the end, Troy falls and the
Iliad does not lose its value. However, even if works of mind are nowadays meant
and produced as consumer goods, they still contribute greatly to the creation of a
common cultural identity. The battle against spoilers, therefore, expresses the need
of a society to protect itself against phenomena that could reduce this potential for
growing uniformity.
References
Abogados A (2013) Moral right to the integrity of a sculpture work. Does it include the right to
decide the location of the work?. www.lexology.com
Bartz A, Ehrlich B (2012) Don’t post TV, movie spoilers online. https://edition.cnn.com/
2012/07/04/tech/web/spoilers-online-netiquette/index.html
BGH, 15.11.1957, 1958 GewerblicherRechtsschutw und Urheberrecht [GRUR] 354
Bioy X (2012) bLa protection renforcée de la liberté d’expression politique dans le contexte de la
Convention européenne des droits de l’homme. Les Cahiers de droit 53(4)
Bychawska-Siniarska D (2017) Protecting the right to freedom of expression under the European
Convention on Human Rights, a handbook for legal practitioners. Council of Europe
Catala P (1984) Ébauche d’une théorie juridique de l’information. D. spéc No 5, p 97
CJEU, Infopaq International A/S v Danske DagbladesForening, C 5/08, Judgment of the Court
(Fourth Chamber) of 16 July 2009
Economic and Social Committee and the Committee of the Regions, Building A European
Data Economy COM (2017) 9 final
Cour d’Appel de Paris, n° 13/08861, 21 Octobre 2015
Cour de Cassation, Chambre civile 1, du 27 September 2005, 03-13.622, Publié au bulletin 2005
I N° 348
198 P. Jougleux
Derieux E (2014) Une exclusion non légalement justifiée: Très favorable aux médias et préju-
diciable aux victimes d’abus de la liberté d’expression. LEGICOM 52(1):15–22. https://doi.
org/10.3917/legi.052.0015
Douglas v Hello! Ltd [2005] EWCA Civ 595
ECHR, Appleby et autres v Royaume-Un, App No 44306/98, 24 September 2003
ECHR, Khurshid Mustafa and Tarzibachi v Sweden, App No 23883/06, 16 March 2009
ECHR, Observer et Guardian, App No 13585/88, 26 November 1991
Fuentes Bobo c. Espagne, no 39293/98, 29 Février 2000
Geiger C (2009) Copyrighting ideas? Copyright on information technology products and its con-
sequences for future creativity. Int J Intellect Prop Manage 4(1–2). https://doi.org/10.1504/
IJIPM.2010.029750
Hart H (2009) Spoiler wars heat up as lost returns. Wired
Hartmann IA (2013) A right to free Internet? On Internet access and social rights. J High Technol
Law 13:297
Hedley Byrne & Co Ltd v Heller & Partners Ltd (1964) AC 465 (HL)
Hooton C (2017) Game of Thrones season 7: fake scenes were shot for 15 hours to throw off plot
spoilers. Available via Independant.co.uk. https://www.independent.co.uk/arts-entertainment/
tv/news/game-of-thrones-season-7-filming-plot-spoilers-fake-scenes-kit-harington-daenerys-
targaryen-jon-snow-a7836561.html
Hughes J (2005) Size matters (or should) in copyright law. Fordham Law Rev 74:575; Cardozo
Legal Studies Research Paper No 140
Kiderra I (2011) Spoiler alert: stories are not spoiled by ‘Spoilers’. Available via http://ucsdnews.
ucsd.edu/archive/newsrel/soc/2011_08spoilers.asp
Knaak R, Kur A, Hilty R (2014) Comments of the Max Planck Institute for Innovation and
Competition of 3 June 2014 on the Proposal of the European Commission for a Directive
on the Protection of Undisclosed Know-How and Business Information (Trade Secrets)
against their Unlawful Acquisition, Use and Disclosure of 28 November 2013’, Com(2013)
813 Final. Int Rev Intellect Prop Compet Law (IIC) 45(8):953–967; Max Planck Institute for
Innovation & Competition Research Paper No. 14-11. Available via SSRN. https://ssrn.com/
abstract=2464971
Latil A (2014) Les fautes d’expression Ou la renaissance de l’article 1382 du Code civil en matière
de liberté d’expression. Légipresse No 318
Lawson M (2012) Spoiler alert: the tough task of keeping a play’s plot secret. https://www.the-
guardian.com/stage/2012/jun/26/keeping-play-plot-secret
LG Hamburg, 12.12.2003, 2004 GRUR-RR 65, Neue JuristischeWochenschrift, 2004
Louis Vuitton v Nadia Plesner, District Court of the Hague of 4 May 2011
OBG Ltd v Allan [2007] UKHL 21
Rhodes v OPO [2015] UKSC 32
Salokannel M, Strowel A (2000) Study contract concerning moral rights in the context of the
exploitation of works through digital technology. Available via the European Commission’s
Internal Market, europa.eu. http://ec.europa.eu/internal_market/copyright/docs/studies/
etd1999b53000e28_en.pdf
Siabon HC (2016) Spoiler alert: copyright law and online spoiler culture. Intellect Prop Law Bull
29(9)
Staff Working Document on the free flow of data and emerging issues of the European data econ-
omy, SWD (2017) 2 final
Stapley-Brown V (2018) French court makes mixed ruling in Courbet ‘censorship’ case.
https://www.theartnewspaper.com/news/french-court-makes-mixed-ruling-in-courbet-censor-
ship-case
Temple Island Collections Ltd v New English Teas Ltd & another [2012] EWPCC 1
Trosow S (2005) Sui Generis Database protection, a critical analysis. Yale J Law Technol 534
Vivant M (2006) La privatisation de l’information par la propriété intellectuelle. Revue internatio-
nale de droit économique t xx 4(4):361–388. https://doi.org/10.3917/ride.204.0361
Chapter 9
Data Ownership in the Data Economy:
A European Dilemma
Francesco Banterle
Abstract To unleash the potential of new data-driven opportunities, players in the

data market need to have access to large and diverse datasets. Access in relation to
data is therefore a crucial factor. However, the new data economy raises unsolved
issues. Where a multitude of actors interact in the elaboration of data, it is often
questioned: who owns the data? As part of its Digital Single Market strategy, the
European Commission has started a series of initiatives aimed at addressing the data
ownership issue. They culminated with the idea of introducing a novel right in raw
machine-generated data.
This chapter briefly summarizes the European Commission’s strategy. It recalls
the main characteristics of the data value chain. It then elaborates on the existing EU
acquis on data ownership, deriving from intellectual property rights (namely copy-
right and database right), trade secrets, traditional property, and factual control situ-
ations derived by data protection laws. These ownership mechanisms are powerful
although difficulty extend to raw data. Despite this, gaps in law have been filled
through contractual schemes and technological access restrictions that enhance the
ability to control data.
The chapter further explores the position of those that support the idea of a new
property right in data and elaborates on the new right proposed by the European
Commission. This paper concludes that creating new monopolies capable of restrict-
ing open access to data, may result in a threat to development of an EU data market.
Further, economic evidence is needed before discussing the introduction of such a
new right. Indeed, we should learn from past lessons, as it happened with the
Database Directive: new rights are here to stay. Other suggested approaches seem
more able to fit the needs of the data-economy. In particular, sector-based access
against remuneration can be an option to investigate. However, also in this case, this
must come together with economic evidence and in dept analysis of possible market
failures.
F. Banterle (*)
University of Milan and Hogan Lovells Studio Legale, Milan, Italy

https://doi.org/10.1007/978-3-030-25579-4_9
200 F. Banterle
1 Introduction
Data has become an essential resource in the new economy. Artificial intelligence is
increasing its computational capacity and uses big data techniques to analyze large
datasets in real-time and extract precious knowledges. As the data-driven transfor-
mation reaches into the society, ever-increasing amounts of data are generated by
autonomous connected machines or processes based on the Internet of Things (IoT).
The value of the “data economy”1 in the EU was estimated at more than EUR 285
billion in 2015, with a 5.03% annual growth. With the right policy and legal frame-
work conditions, its value is expected to increase to EUR 739 billion by 2020.2
However, the new data economy raises new challenges and unsolved issues. The
enormous diversity of data sources and the variety of opportunities for applying
insights into this data are only beginning to emerge. To unleash the potential of
these opportunities, players in the data market need to have access to large and
diverse datasets. Access in relation to machine-generated-data is therefore a crucial
factor for developing a data economy.
In big data, IoT, and smart technologies, where a multitude of actors interact in
the elaboration of data, it is often questioned: who owns the data? While organized
datasets can be subject to intellectual property rights, and the use of personal data is
regulated by data protection laws, this question particularly applies to raw (machine-
generated) data, that are increasing their value as a source of precious insights and
fall outside the scope of classical ownership/property schemes.
As part of its Digital Single Market strategy, the European Commission has
started a series of initiatives aimed at addressing the data ownership issue. They
culminated with the idea of introducing a novel right in raw machine-generated
data.
Do we really need new ownership rights in data? This paper briefly summarizes
the European Commission’s strategy. It recalls the main characteristics of the data
value chain. It then elaborates on the existing EU acquis on data ownership, deriv-
ing from intellectual property rights (namely copyright and database right), trade
secrets, and factual control situations derived by data protection laws. These owner-
ship mechanisms are powerful although with difficulties do they extend to raw data.
Likewise, raw data appears excluded from traditional property rights. Despite this,
gaps in law has been filled through contractual schemes and technological access
1
See the study commissioned by the European Commission, prepared by IDC, European Data
Market study, SMART 2013/0063 (1 February 2017). See also the presentation prepared by the
European Commission, Final results of the European Data Market study measuring the size and
trends of the EU data economy, of 2 May 2017, available at https://ec.europa.eu/digital-single-
market/en/news/final-results-european-data-market-study-measuring-size-and-trends-eu-data-
economy. The data economy measures the overall impacts of the data market. It involves all types
of data processing operations (i.e., generation, collection, storage, processing, distribution, analy-
sis, elaboration, delivery, and exploitation) enabled by digital technologies. In the data economy
ecosystem, there are different types of market players. The ability to access and use data enables
market players to extract value from data and to create innovative applications.
2
Ibid.
9 Data Ownership in the Data Economy: A European Dilemma 201
restrictions that enhance the ability to control data. Thus, many commentators
believe this ownership framework does not need further intervention.
The paper further explores the position of those that support the idea of a new
property right in data and elaborates on the new proposed right. This analysis con-
cludes that creating new monopolies capable of restricting open access to data, may
result in a threat to development of an EU data market. Further, economic evidence
is needed before discussing the introduction of such a new right. Indeed, we should
learn from past lessons, as it happened with the Database Directive: new rights,
once introduced in the legal system, even in the absence of any evidence about their
positive effect, are here to stay. Other suggested approaches seem more able to fit
the needs of the data-economy. In particular, sector-based access against remunera-
tion can be an option to investigate. However, also in this case, this must come
together with economic evidence and in dept analysis of possible market failures.
2 The European Commission’s Strategy on Data
Within the Digital Single Market Strategy, the European Commission has launched
since 2014 a series of initiatives aimed at addressing the regulation of a data market
and the data ownership issue, announcing a further ‘free flow of data’ initiative.3
Following a public consultation in 2016, the Commission published an impact
assessment, in which the Directorate General for Communications, Network,
Content and Technology (DG Connect) affirmed that “barriers to the free flow of
data are caused by the legal uncertainty surrounding the emerging issues on ‘data
ownership’ or control, (re)usability and access to/transfer of data and liability aris-
ing from the use of data”.4 Meanwhile, the German Commissioner Mr Oettinger, at
3
Communication from the Commission to the European Parliament, the Council and the European
Economic and Social Committee and the Committee of the Regions, Towards a Thriving Data-
Driven Economy COM (2014) 442 final; Communication from the Commission to the European
Parliament, the Council and the European Economic and Social Committee and the Committee of
the Regions, A Digital Single Market Strategy for Europe COM (2015) 192 final. This initiative
included a mandate to study the issue of ownership delegated to the “Free flow of data” initiative:
“It will address the emerging issues of ownership, interoperability, usability and access to data in
situations such as business-to-business, business to consumer, machine generated and machine-to-
machine data. It will encourage access to public data to help drive innovation” (at p. 15).
4
European Commission, European free flow of data initiative within the Digital Single Market—
Inception impact assessment. http://ec.europa.eu/smart-regulation/roadmaps/docs/2016_
cnect_001_free_flow_data_en.pdf. The document continues stating that “a gap exists with regard
to ‘ownership’ of non-personal data, particularly non-personal data that is machine-generated.
Data driven innovation is greatly dependent on who has access to data collected through sensors,
for instance as part of a manufacturing process, or to anonymised/non-identifiable personal data.
Such issues are commonly addressed by contractual arrangements in a business to business con-
text, which may prove to be a challenge to certain actors within the data value chain, potentially
slowing down the free flow of data between sectors, companies and within companies, as well as
research organisations. The contractual practices in the new business models inspired by techno-
logical developments may lead to contractual lock-in; technical or legal obstacles may prevent the
switching of service provider or the portability (transfer) of data”.
202 F. Banterle
that time responsible for DG Connect, publicly called for a civil code on data and
for the introduction of a new data use right.5
These actions culminated with the Communication of 10 January 2017 “Building
a European Data Economy”,6 and the accompanying document detailing the “Free
flow of data” initiative.7 In these latter documents, among six suggested options,8
the Commission advanced the idea of introducing a novel right in raw data (so-
called “data producer’s right”). The new right would protect machine-generated
industrial data against the world, thus addressing legal uncertainties caused by new
data technologies.9
2.1 How the Data Value Chain Is Working?
To better understand the data ownership issues, it is useful to recall how the data
value chain is working in many industrial data ecosystems. First, defining the con-
cept of data itself is challenging. The European Commission has repeatedly recalled
the definition of data of ISO/IEC 2382-1: data is “a reinterpretable representation of
information in a formalized manner, suitable for communication, interpretation or
processing”.10 Information would become data as soon as it is represented in a for-
malized manner suitable for communication and processing. Data is therefore
something that can be observed by the machine.11 Data, including “personal data”,
can be created either by human activity or generated by sensors or machines, and it
is often generated as a “by product” of other processes.
The issue of the data ownership is even more challenging because of the com-
plexity of the “data value chain”. Indeed, in the big data and IoT businesses, the data
ecosystem is characterized by the interactions of multiple actors and multiple opera-
tions. Different stakeholders may act at different levels during the creation and gen-
eration of data. For instance, they can use, compile, create, select, structure, enrich,
5
Le Monde (2016) Big data: “Pour un “code civil” des données numériques”. https://www.lem-
onde.fr/idees/article/2016/10/14/big-data-pour-un-code-civil-des-donnees-nume-
riques_5013610_3232.html; See also Drexl (2016), p. 4.
6
Economic and Social Committee and the Committee of the Regions, Building a European data
economy COM (2017) 9 final.
7
Commission Staff Working Document on the free flow of data and emerging issues of the
European Data Economy Accompanying the document Communication Building a European Data
Economy SWD (2017) 2 final.
8
The Commission is considering the introduction of this new right together with other initiatives
such as: model contract terms; default contract rules; access against remuneration; and develop-
ment of technical solutions for reliable identification and exchange of data.
9
COM(2017) 9 final, p. 12.
10
COM (2014) 442 final, p. 4. See also ISO/IEC 2382-1, revised by ISO/IEC 2382:2015—
Information technology—Vocabulary.
11
Ottolia (2017), p. 16.
analyze, and add value to data. The data value cycle can be represented as
follows12:
ŝƐĐŽǀĞƌ
/ŶƚĞůůŝŐĞŶĐĞ /ŶŐĞƐƚ
ǆƉŽƐĞ WƌŽĐĞƐƐ
ŶĂůǇǌĞ WĞƌƐŝƐƚ
/ŶƚĞŐƌĂƚĞ
The data ownership issue is significantly debated principally in the automotive

sector. Sensor-equipped cars generate and transmit large amounts of data.
Components (e.g., brakes, engine, cameras, etc.) are always more connected, and
they provide information about traffic, performances, behaviors, etc. These data are
extremely useful for developing smart vehicles and car apps and have therefore
enormous value. In the case of a smart cars, a multitude of different players interact:
manufacturers of the sensors in specific components; the car manufacturer; the car
owner; Mobile Network Operator-Mobile Virtual Network Operators (MNO-
MVNOs); the insurer; the content providers; the cloud provider; etc.13 As Mr
Oettinger said, it is as yet unclear who owns these data: the automobile manufac-
turer; the car owner; or no one at all?14
In sum, different actors are involved in the data value chain.15 It may be therefore
difficult to determine who would be entitled to claim ownership in data, as each of
these actors may claim ownership of data at different levels, based on their specific
role. It is likely that no single actor will have exclusive rights. Is this a real problem?
From the European Union (EU) regulator perspective, the undisclosed worry seems
against American large tech companies taking possession of EU data assets. It is
somehow the same concern that recently inspired the new EU copyright reform
(with American over-the-top (OTT) companies exploiting the efforts of the European
press and audio-video industries—see infra), and previously the Database Directive.16
12
OECD (2015), p. 195.
13
Normally, the most important actors are: internet service providers; IT infrastructure providers;
data providers; data analytics service providers; data-driven entrepreneurs. For more details, see
Bird & Bird (2017), p. 21.
14
See Hugenholtz (2018), p. 1.
15
Bird & Bird (2017), p. 18.
16
Hugenholtz (2018).
204 F. Banterle
2.2 The Debate on Data Ownership
The debate on the data ownership issue has been lively discussed in Germany (with
a movement for ‘data property’ called Dateneigentum), both at academic and gov-
ernment level. There is a particular focus on the implication for Industrie 4.0, a
German initiative launched in 2011 as a joint initiative of the government, private
business sector, and public research to manage and promote a fourth industrial revo-
lution.17 Policy-makers have started examining the need for additional regulation.18
Some German academics have endorsed the need to implement further regulation to
properly allocate rights in data and proposed the adoption of a novel data usage
right.19
The supporters of the new right in data believe that the European legal frame-
work that currently applies to data ownership is not satisfactory. First, the current
legal framework (traditional civil-law based property rights) is not specifically regu-
lating ownership in data, neither in general terms nor specifically in relation to raw
machine-generated data that does not qualify as personal data.20
Second, the existing data-related rights—granting some protection on datasets
(see Sect. 3 below)—do not adequately respond to the needs of the actors in the
“data value cycle”: there would be in particular an ‘allocation’ problem.21 Due to
this situation, legal uncertainty in the data value cycle may frustrate open data or
data sharing initiatives. Actors in the data-economy may currently rely only on con-
tract. Yet, filing ownership/allocation gap by contract is far from ideal. It would be
burdensome to regulate by contract the ownership issues in large-scale data proj-
ects, where there is a multitude of data sources and too many actors claiming owner-
ship in the data. Moreover, non-property regimes do not create erga omnes
rights—contracts are in principle non-binding against third parties.22
Third, where negotiation power is unequal, market-based solutions might not
ensure fairness and innovation incentives.23
Finally, on the data access issue, current EU policy on access to data has focused
on data generated by the public sector.24 In case of need to access data held by other
private companies, data should be voluntarily tradable like any other resource.25 The
current data marketplaces seem not yet developed. Data players are mostly focused
17
Drexl (2016), p. 5.
18
SWD (2017) 2 final, p. 23.
19
Zech (2016a, b); See also De Franceschi and Lehmann (2015); Hoeren (2014). See also Bird &
Bird (2017).
20
Bird & Bird (2017), p. 22; COM (2016) 180 final.
21
Zech (2015), p. 197. The problem would not be in terms of creating incentives to generate data,
but rather in ensuring a fair allocation of the profits generated by analyzing the data.
22
Bird & Bird (2017), p. 120.
23
Bird & Bird (2017).
24
SWD(2017) 2 final, p. 11.
25
Particularly within an economy based on the principle of freedom to contract, opposed to data
trading based on obligations to licence at certain conditions; See SWD(2017) 2 final, p. 12.
on trading personal data for marketing purposes (e.g., commercial big data).
Alternatively, marketplaces specialize in trading very particular—sector-based—
kinds of data. Business models based on data are still emerging. This makes difficult
drafting a general stable overview of the situation of data sharing in Europe.
However, a research conducted on behalf of the European Commission26 has pro-
duced some insights about the current state of data sharing. It concluded that in the
vast majority of cases, data is generated and analyzed in-house by companies and
their data analysis providers: data stays within an organization and is not shared or
traded with third parties.27
3 The EU Acquis on Data Ownership
The EU acquis on data ownership is set out by a series of data-related rights, includ-
ing intellectual property rights, trade secrets, data protection rights, and other
emerging forms of protections. This section briefly recalls the existing legal regimes
in the EU providing legal mechanisms to deal with data, and to what extent there is
already control over data, in the form of either factual or legal control.
3.1 Intellectual Property Laws and Data
The first protection that comes to mind is intellectual property, as the traditional
form of protection of intangible assets. The intellectual property regimes most obvi-
ously applicable to protection of datasets are database rights. The EU legal database
regime sets out a two-tier system: copyright protection and sui generis database
protection.28 Each of these has the legal status of property and could in principle
provide a strong protection for data.
26
Impact Assessment Support Study on emerging issues of data ownership, interoperability, (re)
usability and access to data, and liability—SMART 2016/0030.
27
SWD(2017) 2 final, p. 14.
28
SWD (2017) 2 final, p. 19. The Commission’s assumption is that machine-generated and indus-
trial data do not normally benefit from protection by other intellectual property rights as they are
deemed not to be the result of an intellectual effort. See, however, Drexl (2016) on possible patent
protection for data, and Hugenholtz (2018) on phonographic neighboring rights.
206 F. Banterle
3.1.1 Copyright in Data
Data and information as such are excluded from copyright protection. This is
expressly stated in the TRIPs Agreement29 [Art. 9(2)], in the Berne Convention [Art.
2(8)],30 in the WIPO Copyright Treaty31 (“WCT”—Art. 2) and in the EU Software
Directive32 [Art. 1.2]. Further, it is a corollary of the idea/expression dichotomy:
form is protected whereas contents and ideas should stay free.
If there cannot be copyright in data per se, data compilations are instead subject
to a different treatment. Collections of data, that can be deemed creative by reason
of their selection or arrangement of their contents, are protected in the TRIPs
Agreement [Art. 10(2)], in the WCT (Art. 5), and, although not explicitly mention-
ing collections of data, also in the Berne Convention. The EU Database Directive33
has followed the same approach granting protection to databases that, because of
the original selection or arrangements of their contents, constitute the author’s own
intellectual creation [Art. 3(1)].
Originality (character of a creative work defined as ‘the author’s own intellectual
creation’34—that reflects the author’s personality)35 is recognizable when the selec-
tion or arrangement of data is the result of a creative choice.36 Indeed, the Court of
Justice of the European Union (CJEU) stated that there is no originality when the
setting up of the database is dictated only by technical considerations, which leave
no room for creative choices.37 Time and investments in that selection or arrange-
ment are not relevant to determine the originality standard and the eligibility for
copyright protection (no room for ‘skill and labor’ investments). Instead, originality
requires that through selection or arrangements of the data “the author expresses his
creative ability in an original manner by making free and creative choices […] and
29
(TRIPs).
30
31
CRNRIDC/94 (WCT).
32
legal protection of computer programs, OJ L 111 (Software Directive).
33
protection of databases, OJ L 77 (Database Directive).
34
See ex multis CJEU, Infopaq International A/S v Danske Dagblades Forening, Case C 5/08,
Judgment of 16 July 2009, par. 35.
35
See Recital 17 in the preamble to Copyright Duration Directive—Directive 93/98.
36
See CJEU, Eva-Maria Painer v Standard VerlagsGmbH and Others, Judgment of 1 December
2011, par. 89.
37
429/08, Judgment of 4 October 2011.
thus stamps his ‘personal touch’”.38 Thus, the originality standard can be a limit to
raw data aggregations. Indeed, copyright applies only after a selection/arrangement
of data. On the contrary, raw data are in fact not arranged yet in most cases—they
are bulk sets of data awaiting to be analyzed. Normally the processing of data is
done through advanced computational programs that process information in stan-
dardized/automatized manner, creating databases that can be difficulty deemed cre-
ative.39 Indeed, quite often, the value is in the insights that can be extracted from raw
data, not in the particular compilation of raw data or the structure of the resulting
datasets. In any case, copyright applies to the specific form in which the compilation
of data is structured (Database Directive, Recital 15), and not to the underlying raw
data. The same data can be taken from the original selection and reshuffled without
reproducing the selection/arrangement.
Additionally, no copyright protection is applicable to data compilations gener-
ated by machines without human intervention.40 Indeed, the general rule is that
copyright requires an act of human authorship, as clarified by the CJEU41 (and simi-
larly by Art. 4(1) of the Database Directive). Only few countries in the EU deviate
from this standard rule, e.g., UK,42 protecting computer-generated works. It should
be seen how this rule can co-exist with the CJEU jurisprudence.43
3.1.2 Sui Generis Database Right
The Database Directive adds an additional protection to databases resulting from a

substantive investment. This sui generis database right protects the investment in
obtaining, verifying, or presenting the data (Art. 7.1). The threshold of the invest-
ment should be minimal, although it does not necessarily have to be particularly
38
Football Dataco & Others v Stan James Plc & Others and Sportradar GmbH & Others, [2013]
EWCA Civ 27, par. 98. Similarly, in the US, in Feist (Feist Publications, Inc. v. Rural Telephone
Service Company, Inc., 111 Sup. Ct. 1282 (1991) [499 U.S. 340 (1991)]), the US Court held that:
“The compilation author typically chooses which facts to include, in what order to place them, and
how to arrange the collected data so that they may be used effectively by readers. These choices as
to selection and arrangement, so long as they are made independently by the compiler and entail a
minimal degree of creativity, are sufficiently original”.
39
Wiebe (2016).
40
See, on similar grounds, the US Copyright Office declaration, stating that they would not register
works produced by animals or a machine: ‘To qualify as a work of “authorship” a work must be
created by a human being’, quoting Supreme Court case Burrow-Giles Lithographic Co, 111 U.S.
at 58. See US Copyright Office (2017) Compendium: Copyrightable Authorship: What Can Be
Registered. https://www.copyright.gov/comp3/chap300/ch300-copyrightable-authorship.pdf,
p. 17. See also Ginsburg (2018) and Ramalho (2017).
41
Football Dataco.
42
See Section 9(3), Copyright, Design and Patents Act, U.K. 1998: ‘in the case of a literary, dra-
matic, musical or artistic work which is computer-generated, the author shall be taken to be the
person by whom the arrangements necessary for the creation of the work are undertaken’. See
Perry and Margoni (2010).
43
Hugenholtz (2018).
208 F. Banterle
high. It could be qualitative or quantitative, i.e., either in time, efforts, and/or

resources.
The CJEU has clarified that the sui generis database right does not protect invest-
ment in the creation of data (data should be pre-existing).44 The investment must
refer to the resources for elaborating the data and not for the creation as such of the
independent material. Indeed, the goal of the Database Directive is to protect invest-
ment in creation of new databases and processing systems, not in generating infor-
mation capable of being collected subsequently in databases.
This distinction between creating and obtaining is of crucial importance.
However, it is not always straightforward. The CJEU ruled out from protection foot-
ball fixtures or horse racing schedules as invented/created data. Similarly, the invest-
ment for the development of smart devices with sensors that generate data could
unlikely be considered.45 However, the case law has stated that “observed” facts are
not “created data”.46 In that sense, sensor data produced by a device (e.g., informa-
tion about the brake usage generated by sensors in a smart brake system within a
smart car) could be considered “observed”.47
The growth of artificial intelligence raises new issues in relation to machine-to-
machine generated data. The sui generis database right contemplates no authorship
requirement. The maker of a database has no necessary human characterization (see
for instance Art. 11 of the Database Directive). The unique requirement is a substan-
tial investment in the processing technology and/or in the operations necessary for
collecting or structuring the data. The substantial investment can lie on the initial
technology, that is, for example licensed or developed for generating the database.48
Therefore, the investment could be in developing or licensing an artificial intelli-
gence tool that is then able to process and organize datasets in a particular way. An
additional limit is that the substantial investment requirement sets a minimum
threshold. If the machine used for a particular data processing operation does not
require substantial investment, the database resulting from its use will not be pro-
tected. However, such threshold does not seem particularly high. Finally, the invest-
ment cannot be on “creating” data but only on their collection and organization.
This would rule out machine-generated synthetic data,49 e.g., the location data gen-
erated by GPS sensors on a number of smartphones—that is typically a set of raw
data, whereas it would include the use analytics technologies—the use of location
data for organizing data and analyzing movement patterns of a certain audience in a
certain area.
44
CJEU, The British Horseracing Board Ltd and Others v William Hill Organization Ltd, Judgment
of 9 November 2004, par. 31.
45
Drexl (2016), p. 21.
46
Hugenholtz (2018) citing Football Dataco & Others v Stan James Plc & Others and Sportradar
GmbH & Others.
47
Hugenholtz (2018).
48
Banterle (2018).
49
Ibid.
The database right is primarily designed to protect the investment in the organi-
zation of data, i.e., in the creation of structured processing systems. This comes
together with the definition of database, that is, a set of data arranged in a systematic
or methodical way (Art. 1.2 of the Database Directive). On the contrary, raw
machine-generated data is by definition non-organized sets of information. Thus,
the protection offered does not apply to machine-generated data as such (before
they are collected and organized in a structured and systematic way).50 The Database
Directive neither intend to create a new right in data (Recital 46 of the Database
Directive), nor to protect mere facts or data (Recital 45), but rather to keep the
semantic information in the public domain.51 The protection applies to the aggrega-
tion and processing of data. Consequently, any further independent processing of
raw data can give right to an autonomous database right. Additionally, the database
right comes with some statutory exceptions, to avoid creating a property right in the
data as such. In particular, protection is granted against extraction or reutilization of
a “substantial” part of the database. Non-substantial extractions from the database
are lawful. Finally, protection is against extraction of data that result from substan-
tial investment. On the contrary, extractions of data that are not the product of sub-
stantial investment are permitted.
In sum, copyright and database right do not extend to information per se. They
offer protection to data compilations that result from creative arrangement or invest-
ment in structuring datasets but deny protection to raw data.
3.1.3 New Emerging Copyright Trends
The Commission’s controversial proposal gave light to Directive on copyright in the

Digital Single Market (the “DSM Copyright Directive”).52 The DSM Copyright
Directive includes a series of very heterogenous provisions. On one hand, the
Directive is expanding copyright protection on press news to protect any digital use
of press publications (Art. 15), including use of small parts of such publications.
Despite use of individual words or very short extracts will be exempted, this exclu-
sion shall be interpreted in such a way as not to affect the effectiveness of the new
ancillary press publishers’ rights (Recital 58): in fact this means that press news
would be protected by an ancillary copyright against any minimum type of digital
uses (contrary to the initial statement above, under which data and information as
such would be excluded from copyright protection). On the other hand, the Directive
is introducing a text and data mining exception (Articles 3–4) that would allow text
and data mining for research and commercial purposes. The latter is however sub-
ject to an opt-out mechanism that will likely reduce its application. Thus, such
50
SWD (2017) 2 final, p. 19.
51
Drexl (2016), p. 22.
52
Proposal for a Directive of the European Parliament and of the Council on copyright in the
Digital Single Market COM (2016) 593 final, and Directive (EU) 2019/790 on the European
Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single
Market and amending Directives 96/9/EC and 2001/29/EC.
210 F. Banterle
exception has a clear restrictive effect in that it is confirming a contrario that text

and data mining is in principle subject to copyright scope.53
Moreover, the Commission has started a revision of the Database Directive.54 We
can conclude from the previous paragraphs that the Database Directive is probably
based on a database technology that no longer corresponds to the use of data in the
IoT and big data context, characterized by real-time data services. While the issue
addressed by the Database Directive was the creation of data processing systems
and technologies, the current problem is the availability of datasets as the new tech-
nologies show computational powers with no precedents. The fact that the Directive
does not respond to the needs of the data economy cannot by itself justify a reform
(by introducing new rights on data). A similar reform needs an economic
justification.55
From the above, the overall picture appears to confirm the intention of introduc-
ing additional layers of protection to datasets and information. Further, this infor-
mation policy should be considered from a holistic view when assessing the need of
introducing an additional right in data.
3.2 Other Data-Related Rights
3.2.1 Trade Secrets
Trade secrets protection was recently harmonized in the EU, at least in part, by
Trade Secrets Directive.56 Trade secrets regime can in principle protect any type of
information that (i) is secret; (ii) has economic value because of its secrecy; and (ii)
is subject to adequate security measures.
In view of big data or IoT projects, trade secrets protection is quite flexible: it
grants protection to individual pieces of information without any originality require-
ment; it does not distinguish between the types of data that might be protected
(although not all Member States’ laws have treated trade secrets as an open-ended
category of any information which is confidential)57; the protection is potentially
unlimited in time.58
53
See Banterle and Ghidini (2018). According to some scholars, non “expressive” uses, including
computational uses, should be equally subject to copyright scope, see Ottolia (2017), p. 21.
54
See European Commission website newsroom, Commission launches public consultation on
Database Directive, posted on 24 May 2017. https://ec.europa.eu/digital-single-market/en/news/
commission-launches-public-consultation-database-directive.
55
Drexl (2016), p. 22.
56
Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the
protection of undisclosed know-how and business information (trade secrets) against their unlaw-
ful acquisition, use and disclosure, OJ L 157 (Trade Secrets Directive).
57
Osborne Clarke (2016). For instance, this study reports that in Spain, data as such is not seen as
within the category of things which can be a trade secret. For the Italian approach instead, see
Banterle (2018).
58
Bird & Bird (2017), p. 110.
Yet, protection requirements can be difficult to meet in the context of real-time

data processes. Data collected by sensors or smart devices need to be re-used and
matched with data of many device manufacturers: secrecy cannot be always con-
firmed. If a database is in fact being licensed under confidentiality to a multitude of
businesses in a particular sector, this could render it “generally known” in the rele-
vant circles.59
On commercial value, it is unclear that single data generated by interconnected
machines and devices could have commercial value as individual data. Instead,
many data will be considered valuable only if they are part of larger datasets.
Additionally, it is doubtful if raw data has a value per se or rather only potential
value. This analysis is probably sector-based (e.g., personal data tend to have a high
commercial value in the context of behavioral advertising and big data). Finally, it
is questionable whether it will always be possible to establish a causal link between
secrecy of the information and commercial value.60
Data must be shared among the various actors in the data value chain and needs
to be subject to sufficient protection measures to keep it secret. The Directive gives
no guidance as to what may constitute reasonable steps (this assessment is to be
made by reference to the circumstances). However, at least in some jurisdictions, it
is possible to rely on confidentiality agreements as security measures.61 Yet, it could
be particularly difficult to allocate protection to a single actor controlling the trade
secret, where a multitude of data players interact.62
On ownership, the Trade Secrets Directive refers to the holder of a trade secret as
the person who lawfully controls that information. However, it introduces an effec-
tive right of control over data (granting protection of a de facto “possession”) while
remaining neutral on the question of ownership of information.63 It does not estab-
lish indeed a property right system (although it leaves Member States free to intro-
duce more far reaching provisions and to introduce property rights in data). However,
under the trade secrets discipline, operators are able to treat data as another form of
asset.
On the scope of protection, the Trade Secrets Directive does not go so far as to
introduce a new absolute-IP right for trade secrets, and indeed the protection is rela-
tive, i.e., only against misappropriation. Independent discovery of the same infor-
mation and reverse engineering are lawful. The Trade Secrets Directive grants
remedies against third party recipients of the data if they knew or should have
59
Osborne Clarke (2016), p. 10.
60
Drexl (2016).
61
Bird & Bird (2017), p. 110. This situation should now be harmonized (at least partially) under
the Trade Secrets Directive. See Banterle (2018).
62
Drexl (2016), p. 24.
63
Osborne Clarke (2016), p. 11. This absence of ownership contrasts with the default position in
patent and copyright law, where any rights arising in work done by an employee in the course of
her employment automatically belong to the employer. Employers will not automatically be the
holder of trade secrecy rights in valuable data arising from employees’ work. It will be important
to provide for this in employment contracts.
212 F. Banterle
known that the person passing it to them was not authorized to do so. This protec-
tion can be considered as better suited to serve the purposes of the data-economy, by
focusing on the specific way in which a third party has in unlawfully acquired access
to the data (instead of granting exclusive protection on the use of data against the
world), thus allowing a more flexible ownership regime, with the limits outlined
above.
3.2.2 Controllership Schemes Derived from Data Protection Law
The EU data protection legislation has been recently innovated by the General Data
Protection Regulation (“GDPR”).64 The GDPR sets out the rules for processing per-
sonal data, including the collection, use of, access to, and portability of personal
data, as well as the possibilities to transmit or transfer personal data.
The data protection legislation gives rise to two distinct ownership schemes. On
one hand, individuals shall have control on their data, as a general privacy right
(Recital 7 of the GDPR). This comes close to a quasi-property rights on personal
data,65 although it is debated if individuals are free to dispose or sell their data.66 On
the other hand, data controllers (the operators that process individuals’ data) have a
different kind of ownership in personal data, through a legitimate possession, as
data controllers.67 Indeed, data protection laws allow data controllers to exploit per-
sonal data for commercial purposes (based on data subjects’ consent or data con-
troller’s own legitimate interest—see Recital 47 GDPR in this regard). As long as all
data protection requirements are met (subject to an accountability principle), data
controllers can exploit those data. Thus, this position of legal control on the process-
ing of data entails a sort of factual possession of data, although it is not equipped
with direct exclusionary powers or special remedies against third parties, which
may also have competitive consequences. Additionally, some commentators have
argued that this control entitlement is in fact enhanced by market failure, where
information asymmetries between companies and users about the actual processing
of data occur and consumers face high monitoring costs68 that strengthen the factual
possession by data controllers.
64
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on
the protection of natural persons with regard to the processing of personal data and on the free
movement of such data, and repealing Directive 95/46/EC, OJ L 119.
65
A property right includes two powers: the right to use a good and the right to exclude others from
such use. Privacy rights do not include the right to use personal data (which resides in image rights,
name rights, etc.), but rather the right to exclude others from using them. See Purtova (2015) and
Ubertazzi (2014). See also Specht and Zerbst (2018) and Rees (2014).
66
The possibility to pay services with personal data was suggested by the Proposed Digital Content
Directive—Proposal for a Directive of the European Parliament and of the Council on certain
aspects concerning contracts for the supply of digital content COM (2015) 634 final. See Metzger
et al. (2018) for more details; see also Victor (2013), Purtova (2015) and Malgieri (2016).
67
In the same sense, see Bird & Bird (2017).
68
Sholtz (2001).
3.2.3 Traditional Property Rights
Data are intangible, non-rivalrous goods, and as such fall outside the traditional
definitions of property.69 Indeed, in light of the increasing role of immaterial assets,
it is lively debated whether the concept of property should be flexible enough to
extend it to new objects and rights, to apply also to res immateriales (traditionally
protected by intellectual property (IP) rights),70 to eventually allow commoditiza-
tion of data71 and be opened to move towards digitizing the Code civil.
Property rights in goods are subject to a numerus clausus principle, preventing
operators from creating previously non-existing property rights.72 The same princi-
ple applies to intellectual property, where law must determine the relevant subject
matter.73 Thus, interests in res immateriales not included in existing property rights
benefit from a limited protection, qualified as an “entitlement”,74 which is character-
ized by the absence of exclusivity.75 In this regard, to ensure protection in a similar
“grey zone” between private and public goods, a proposed solution relies on the
“material availability” of the immaterial good. A modern approach considers as a
“natural” concept the ownership of any utility produced by a private activity where
it has economic value.76 Moreover, a general principle has been occasionally
affirmed, under which any outcome of an economic activity constitutes a good and
its commercial exploitation is exclusively reserved to the entity that generated it (for
example, this was affirmed in relation to sport events).77 National property law has
been otherwise applied by courts linking “ownership” with respect to non-personal
data to the ownership of the physical means of storage of such data.78
69
Zeno-Zencovich (1989), p. 452.
70
Zech (2016a), pp. 59–60.
71
Purtova (2015) and De Franceschi and Lehmann (2015).
72
van Erp (2017), van Erp (2009) and Purtova (2015).
73
Resta (2011), p. 22. Intellectual property is protected by Art. 17.2 of the Charter of the
Fundamental Rights of the European Union. The CJEU in Promusicae (Productores de Música de
España (Promusicae) v Telefónica de España SAU, Case C 275/06, Judgment of 29 January 2008,
par. 62) confirmed that “the fundamental right to property […] includes intellectual property
rights”.
74
Van Erp (2017).
75
Zeno-Zencovich (1989), p. 460; van Erp (2017).
76
Resta (2011), p. 28.
77
Resta (2011), p. 45, referring to a judgment of the Court of Rome, First Instance, 31 March 2003,
in Foro it., 2003, I, 1879, in relation to sport events; and the judgment of the BGH, of 25 January
1955, in BGHZ, 16 (1955), 172, which held that non-protectable know-how can, however, be
subject to a general absolute right of the owner and unfair competition law protection. See, how-
ever, Hoeren (2014) for diverging case law, e.g., in the UK.
78
SWD (2017) 2 final, p. 19, recalling the decision of German Bundesgerichtshof (Federal Supreme
Court) of 15.11.2006 (ownership of software on a CD-ROM); and the recent decision of the same
court—decision of 10 July 2015—on the transfer of ownership on the physical storage as a result
of data recordings (in that case: audio recordings on a tape) would be leading to a transfer of own-
ership under civil law to the party that could claim rights on the data.
214 F. Banterle
This debate on extending the traditional property concepts to immaterial assets

was reinforced by the CJEU in UsedSoft.79 The CJEU defined the sale of an (tan-
gible or intangible) asset as “an agreement by which a person, in return for payment,
transfers to another person his rights of ownership in an item of tangible or intan-
gible property belonging to him”.80 In that case, the Court recognized ownership in
the downloaded copy of a software. Actually, it was correctly observed that the
Court did not apply a general concept of property to immaterial assets. It applied the
principle of exhaustion (typical of the analogic word) in the digital context and used
the concept of ownership in a downloaded file to re-balance copyright exclusive
right as another form of property.81
3.2.4 Unfair Competition Laws
In many European jurisdictions,82 unfair competition laws may protect intellectual

creations or economic assets against misuse and free riding (misappropriation of
information by former employees or by competitors, etc.), as a subsidiary form of
protection. Protection is normally granted against unlawful conducts contrary to
honest commercial practices and depends on factual circumstances. In many cases,
unfair competition law grants protection against misuse or misappropriation of con-
fidential information, recognizing a general ownership in that data.83
It is possible to attribute a role to these general laws in the definition of a data
ownership regime only in case there is sufficient economic justification for protec-
tion against free-riding. From an economic perspective, fee-riding should be con-
sidered unlawful where it undermines incentives for investment in the production of
the asset that is copied.84 In practice, this should mean that one has to prove invest-
ments/efforts in creating that dataset and/or the fact that the information at stake is
able to grant an unfair competitive advantage. However, it appears that unfair
competition laws follow different local approaches in the EU, that show a critical
level of de-harmonization and make it difficult to draw a common line.85
3.2.5 Factual Access Limitation and Contracts
Data can be factually protected by physical/technological access restrictions or by

contract. These are the two means market in the data-economy has used to grant
access to data, relying on factual exclusivity. Despite limitations arising from
79
CJEU, UsedSoft GmbH v Oracle International Corp, Case C-128/11, Judgment of 3 July 2012.
See SWD (2017) 2 final.
80
UsedSoft, par. 42.
81
Drexl (2016).
82
See Osborne Clarke (2016) for further details.
83
See Banterle (2018).
84
Drexl (2016).
85
Osborne Clarke (2016).
property laws (see Sect. 3.2.3 above), the CJEU has confirmed that contractual free-
dom can regulate access to databases not protected by copyright or the database
right, i.e., raw data.86
New contractual schemes are indeed emerging. In many cases, data are traded as
res immateriales. In particular, the ability to factually control data can trigger trans-
action following the traditional approach in the trade of immaterial assets that is
based on intellectual property categorizations.87 Data are subject to the assignment
of the right on the immaterial good encompassing such data, which also includes the
right of the computational use of those data.88 Data can be also subject to temporary
usage rights, following traditional intellectual property license schemes. In this
case, the existence of a property right in the data (in terms of intellectual property,
trade secrets, or data protection rights) is assumed. Where the data are not subject to
any ownership regime, they will be the subject of a contractual obligation to provide
the data (including the tangible asset where data are incorporated). In this case,
remedies will be of contractual nature, with no effects against third parties89 (except
for unfair competition law remedies, as explained above).
In other cases, data are traded as commodities and transferred as res corporales.90
Data can be considered as an aggregation of bits incorporated in electronic files. In
this case, their transfer can follow rules and practices that are most familiar to the
trading of commodities, in relation to which data show many functional similari-
ties.91 However, because of the particular nature of data, the rules for transferring
material assets can be influenced by those of immaterial assets. For example, if
intellectual property rights on the datasets encompassed in the tangible asset exist,
the general principle that the transfer of the tangible asset does not include the
assignment of the underlying IP rights in the material included in that asset applies.92
Other influences can derive from data protection laws. On the contrary, circulation
of immaterial assets can be affected by technological rules applicable data intended
as res corporales, such as consumer laws and communication laws (e.g., in relation
to technical standards for electronic communications, particularly in regulated
markets).93
Data can be also collected in deposits (or data lakes),94 to allow multiple parties
to access and re-elaborate vast amounts of data. There is an emerging trend in the
86
CJEU, Ryanair Ltd v PR Aviation BV, Case C 30/14, Judgment of 15 January 2015.
87
Drexl (2016), p. 29.
88
See Ottolia (2017), p. 221.
89
Ibid.
90
See Zech (2017).
91
Ottolia (2017), p. 222.
92
Except for those rights that are instrumental and necessary to use that asset.
93
Ottolia (2017), p. 234.
94
A data lake is a “subject-specific repository for large quantities and varieties of data, both struc-
tured and unstructured. The data lake accepts input from various sources and can preserve both the
original data fidelity and the lineage of data transformations.” See European Commission (2017)
Big data: a complex and evolving regulatory framework. https://ec.europa.eu/growth/tools-data-
bases/dem/monitor/sites/default/files/DTM_Big%20Data%20v1_0.pdf.
216 F. Banterle
offer of big data as a service: it is possible to outsource the computational use of

data to external providers better equipped to process large amounts of data. In that
case, it is common to have complex license arrangements, also in relation to the
results of the computational uses of the datasets. Raw data are also offered as a
service: services offer the data generation itself, e.g., real-time access to a measur-
ing device generating data. In this case, data is offered as a service rather than a
commodity. This distinction between commodity and service paradigm appears
important for applying contract law categorizations.95 In more complex data proj-
ects, where a multitude of actors interact in the elaboration of data in view of devel-
oping innovating technologies (e.g., smart cars), contract arrangements are adapting
to reflect the joint or partial ownership of the results of the data aggregation and
processing, and the ability to re-use the data. A solution could have complex pluri-
lateral framework agreements with the participation of all the actors involved in the
data elaboration. Similarly, data pools are a model—deriving from the patent expe-
rience—applicable to complex interactions of actors in innovative big data projects,
where the creation of a consortium of data players is a solution to allow complex
innovative data initiatives and a better governance of the data lakes.96
3.2.6 Conclusion
None of the data-related rights illustrated above configures a comprehensive owner-

ship regime. In some cases, they provide tools to protect structured datasets. In other
cases, they provide a more limited protection of a de facto “possession”, rather than
referring to a concept of “ownership”. In the absence of a full property regime appli-
cable to data as such, raw data is mostly controlled via contract and access restric-
tion mechanisms, based on factual exclusivity, without recognition of ownership in
the sense of private law. In fact, an ownership regime determined by contract, fac-
tual control, intellectual property, trade secrets, and data protection laws already
results in a strong protection mechanism for data.
4 The New Proposed Data Producer’s Right
The proposal of introducing a data producer’s right for non-personal or anonymized

data assumes that EU data-economy would require protecting types of data not nec-
essarily eligible for IP protection, but which merit protection as a valuable asset of
the data value cycle. A similar right would enhance the tradability of non-personal
machine-generated data as an economic good.97
95
Zech (2017).
96
For more details see Ottolia (2017), p. 272.
97
SWD (2017) 2 final, p. 33; Zech (2016a).
4.1 Scope of the Right
The Commission’s proposal is quite general and vague on the new proposed data
producer right. However, its main features could be summarized as follows. It
should be a right in rem, granting exclusive rights to re-utilize the data against the
world (erga omnes). It would include a set of rights enforceable against any third
party, independent of contractual relations. In other words, it would prevent further
use of data by third parties, including the right to claim damages for unauthorized
access and use of data.98
As an alternative option, the Commission proposed considering—instead of creat-
ing a right in rem—conceiving it as a purely defensive right.99 It would in fact follow
the approach adopted by the Trade Secrets Directive, protecting a de facto possession
(rather than recognizing a concept of ownership), as a relative right (i.e., only against
misappropriation). It would provide defensive elements of a right in rem.100
To avoid granting too broad rights, there are two main limitations, relating the
scope of the protected subject matter. First, the new right would not apply to per-
sonal data, as the protection of the latter is a fundamental right, and their use is
subject to individuals’ control. Second, the scope of the data covered recalls Prof.
Zech’s classification, which is based on semiotics.101 It distinguishes between con-
tent layer, code layer and physical layer, to define information and treat it as an
object. The new right would protect non-personal or anonymized machine-generated
data not yet structured in a protected database. However, the protection should cover
only the “syntactical” level information102 (information represented by a certain
amount of “signs”: representation in code form).103 This includes metadata, as they
98
SWD (2017) 2 final, p. 33.
99
SWD (2017) 2 final, p. 33, citing Kerber (2016), that appears to be favouring this approach.
100
It would be possible for the de facto data holder to sue third parties in case of misappropriation
of data. In particular, the following civil remedies would be granted: (i) the right to seek injunc-
tions preventing further use of data by third parties who have no right to use the data; (ii) the right
to have products built based on misappropriated data excluded from market commercialization;
and (iii) the possibility to claim damages for unauthorized use of data. In particular, the Commission
believes that the protection should not be limited so that mere dissemination of data without a real
use made of the data could remain lawful [As suggested by Mattioli (2014)]. This is because such
an approach would work only on the assumption that what happens de facto is already a balanced
and efficient data market. Moreover, in the Commission’s view, this assumption may not be cor-
rect. In particular, it would be necessary to combine this approach with other measures to avoid
consolidating de facto situations that could amount to market failures. See SWD (2017) 2 final,
p. 33.
101
Zech (2015), citing Eco, A Theory of Semiotics, 1978.
102
SWD (2017) 2 final, p. 33; Quoting Zech (2016a). The Commission offers the following exam-
ple: an e-book or a photographic image has a semantic level which is the expression of ideas or the
presentation of objects or persons. Copyright covers this level of information. However, the data
file of such an e-book or image is merely a representation of signs encoding such information usu-
ally requiring tools to present the information.
103
Syntactic information are bits, texts, pictures—intended as a number of signs, sound recordings,
or data—intended as information coded for machines.
218 F. Banterle
contain the information necessary to use the data subject to such a potential new
right. The “semantical” level information (the “meaning”: information and ideas
encoded in the data) would be excluded from the scope of protection.104 Based on
Prof. Zech explanation, the scope of protection would in particular include use by
carrying out statistical analyses, but not the re-creation of the same data by indepen-
dent measurement.105 The Commission does not define the term of protection.
According to Prof. Zech, the term should be short.106
4.2 Right Allocation
On initial ownership, according to Prof. Zech’s suggestion, the right would initially
belong to the operator economically responsible of the equipment that generates the
data.107 In the Commission’s proposal, the allocation of the data producer right
should consider the investments done and the resources put into the creation of the
data.108 In that regard, investments are made most often by: (i) the manufacturer of
the sensor equipped machines or device—that invested in the creation of that tool or
system; or (ii) the economic operators using such devices, that purchased the tool or
paid a lease fee on that tool or machine.
If more entities have invested in the data collection through that machine or
device, according to the Commission, this should result in joint rights on the data
generated. Since there may be a multitude of actors owning and/or operating the
equipment used to generate the data, and allocating the right might be problematic,
freedom to contract should allow deviating from that rule.109
If instead a set of purely defensive rights is to be considered, such rights could
protect de facto data holders that have lawful possession of data against unlawful
use by others. This would in fact replicate the same scheme of the Trade Secrets
Directive, without application of the need of implementing reasonable security
measures or secrecy requirement, since data need to be shared with a wider range of
business partners. Technical measures such as digital watermarking would need to
complement such a potential new right to make rights on data traceable.
104
Zech (2015), p. 194.
105
Zech (2016a), p. 75.
106
Since using data by analyzing them can be done relatively quickly—Zech (2016a), p. 75.
107
Zech (2016a), p. 75.
108
SWD (2017) 2 final, p. 35.
109
SWD (2017) 2 final, p. 35.
5 Possible Negative Effects of Data Producer’s Right
5.1 E
xcessive Protection and Overlap with Existing
Intellectual Property Rights
The proposed data producer’s right has been lively criticized.110 Yet, as Prof. Drexl
stated, equating data with tangible objects under a property right is risky because
there are different economic models characterizing immaterial from tangible assets.
Property provides two sub-rights: a right to use a good and a right to exclude others
from that use. The debate on data ownership is inspired by the lack of protection on
the right to use (allocation problem). The recognition of an exclusive right on data
against the world would amount to a very powerful intellectual property right (a
super IP right)111 that exceeds the limitation that intellectual property law has set for
preventing data appropriation.
Such an exclusive right would risk creating barriers to the free flow of informa-
tion. Indeed, the supposed balancing elements do not seem adequate: the semanti-
cal/syntactical level distinction does not appear straightforward. On the contrary, it
seems very hard to apply in concrete, as in most cases there will likely be an intrin-
sic relationship between the external form of data as electronic bits (syntactic layer)
and its content (semantic layer), also because of the fact that data are commonly
based on standardized protocols.112 Moreover, from an economic perspective, a
right to exclude others from the use of data is less relevant than in the case of tan-
gibles. Data are not rivalrous: re-use of the same data by third parties does not pre-
vent the owner from their use. Additionally, raw data protection would not be
connected to an intrinsic merit of that information (opposed to trade secrets or data-
base protection). Therefore, the prejudice of the rightholder would only be in terms
of missing a chance to potentially monetize an internal asset—problem that can be
solved by way of contract and technological access restrictions.
The data producer’s right would overlap and compete with existing intellectual
property protection.113 This is mostly because the intellectual property rightholder
110
See Drexl (2016), Drexl et al. (2016), Hugenholtz (2018) and Ottolia (2017).
111
Hugenholtz (2018).
112
Ibid. The risk of this situation appears to be recognized also by Prof. Zech (2015), p. 194: “Thus,
the physical layer carries the syntactic layer and the syntactic layer the semantic layer.” For exam-
ple, GPS sensor-generated data produced by smartphones are commonly collected by apps, trans-
ferred to third parties, and then used for computational analysis for commercial purposes (e.g., to
study a particular audience in a target metropolitan area, or for developing location-based ser-
vices). How is it possible to differentiate the syntactic level from the semantic layer in the data
produced by the GPS sensors? The formal expression of the GPS unit/data (the code/bit) is
expressed in the form of geographical coordinates associated to an identifier (e.g., IP address) and
a timestamp, i.e., there is a one-to-one relationship with the semantic level (the geographical
coordinates).
113
Hugenholtz (2018). For instance, a database of consumer behavioral data collected from a
cloud-based service, which is used to identify patterns to create customer segments, would qualify
as a database protected under the sui generis database right; in some cases, as a creative database
220 F. Banterle
on that content may not be the same entity operating the machine that generates the
data. Additionally, this overlap may conflict with and undermine exceptions under
copyright and database rights—unless the data producer’s right would replicate all
the existing ones. Additionally, intellectual property rights on data can co-exist with
data protection rights.114 The new data producer rights would instead apply only to
non-personal data and in certain sector (e.g., big data relating to consumer behav-
iors) this would add an additional difficulty.
The new right would undermine typical intellectual property mechanisms of
incentives. Indeed, the data producer right has no originality or similar eligibility
threshold connected to an intrinsic merit or value of that information. It is granted
only in view of the potential value of raw data. It would exceed intellectual property
rights’ limitation (e.g., data collection/creation limitation in database right; secrecy,
and commercial value for trade secrets). Thus, it would in fact offer an additional
layer of protection that it is easier to obtain, competing with other intellectual prop-
erty and similar data-related rights.
The exclusion of information and data as such from the scope of intellectual
property law should not be deemed merely ontological.115 Intellectual property
law’s denial to protect data reflects instead a specific information policy not to pro-
tect information as such (and the same applies to trade secrets protection that is not
following a property approach), that is depending on a variety of public interest
values. First, freedom of expression and information, and then innovation. If we
consider the American experience on protection of data and facts, in the Feist deci-
sion (which is considered as one of the antagonists of the sui generis database right
in the EU),116 the United States (US) Supreme Court explained why granting
exclusive rights on facts and data is contrary to the primary objective of (US) copy-
right system. That is, not to reward the author, but ultimately to promote progress of
culture and of the society. In doing so, copyright grants protection to the original
expression of a work but encourages other authors to build freely upon the ideas and
information conveyed by a work. That is the core of the idea-expression (or fact-
expression) dichotomy: “as applied to a factual compilation, assuming the absence
of original written expression, only the compiler’s selection and arrangement may
be protected; the raw facts may be copied at will. This result is neither unfair nor
unfortunate. It is the means by which copyright advances the progress of science
and art.”
that enjoys copyright protection; but also as a machine-generated data subject to the data produc-
er’s right (that could belong to the cloud provider). The database right was designed to avoid cross-
ing the frontier of other IP rights; the new data producer right risks leading to extensive overlaps
and result in plurilateral competing claims of ownership in the same material.
114
Banterle (2018).
115
Hugenholtz (2018).
116
Football Dataco & Others v Stan James Plc & Others and Sportradar GmbH & Others, [2013]
EWCA Civ 27, par. 98.
It appears that there is no natural law that says that, only because it has value,
data as an asset has to be owned by somebody.117 Recognition of any new intellec-
tual property right should be considered a form of government regulation of the
market. It needs a particular justification, that for the data ownership needs to be an
economic one: solving a market failure by creating an economic incentive for the
production of data and facilitating the re-use and trade of data.118 Instead, no eco-
nomic evidence supports the introduction of such data producer’s right.119 In par-
ticular, there is no evidence of the absence of incentives for producing data, nor that
data-driven businesses are suffering from allocation problems. It is possible in prin-
ciple that the data-economy suffers from market failures, but it seems that there are
enough possibilities of trading data, and trading issues seem solvable through con-
tract and technical access restrictions.
Lastly, the innovation of big data and of the data-economy requires that these
new resources and knowledges should be exploited as freely as possible. Otherwise,
their potential, and the relevant benefits for the society as a whole, cannot be
unleashed. This seems the same reason why the Commission proposed a text and
data mining exception in the DSM Copyright Directive. Although the scope of the
proposed exception appears too narrow (and could have negative effects, as under-
lined above), it confirms the need of promoting such uses and the accessibility of
data. The introduction of a new right in data risks going in the opposite direction.
5.2 Legal Uncertainty, Data Fragmentation, and No Flexibility
The concept of big data is often expressed by three features: volume, variety, and
velocity. Real-time data generation and the amount of data processed would make
difficult defining a clear concept of ownership, in terms of subject matter (the syn-
tactical v. semantical level distinction appears difficult to apply) and allocation of
the ownership to the various actors of the data value cycle.
The introduction of a new right would not provide the flexibility needed to per-
form big data analytics, and it risks restricting contractual autonomy, as the industry
has pointed out.120 Contract practice over data is fast-evolving and already treating
data as property, where needed. The unique downside of leaving the solution to the
market appears in the case of unequal bargaining power of the parties: a stronger
117
Drexl (2016).
118
Hugenholtz (2018).
119
European Commission, Joint Research Centre (2017) and Kerber (2016).
120
European Commission (2016) Synopsis report on the contributions to the public consultation
regulatory environment for data and cloud computing. https://ec.europa.eu/digital-single-market/
en/news/synopsis-report-contributions-public-consultation-regulatory-environment-
data-and-cloud; and Id. (2017) Synopsis report of the public consultation on building a European
data economy. Available at: https://ec.europa.eu/digital-single-market/en/news/synopsis-report-
public-consultation-building-european-data-economy.
222 F. Banterle
party can obtain an advantage over a weaker party and/or create data lock-in effects.
However, this does not seem enough to justify the introduction of new rights.
Indeed, the same data industry rejects the introduction of new property rights in
data, stressing that they are able to implement their business models by relying on
contract law. Most probably, data ownership is not a concept that fits the needs of
the data economy at all: given the velocity of the data-economy, any legislation in
this area would likely inhibit the freedom of the parties121 and the introduction of a
new right is seen as a form of governmental intervention to be avoided.122 Well-
defined ownership rights may increase data fragmentation and prevent the realiza-
tion of economies of scope because of high transaction costs.123 It would risk
creating dominant positions on information. It would contravene freedom of expres-
sion and information, and pose new obstacles to freedom of competition, freedom
of services, and ultimately the free flow of data.124
6 Conclusion
Do we really need to define ownership in data? In the Roman law tradition, by quali-
fying the form of ownership, it is possible to obtain the type of utility that is legally
protected.125 Similarly, economists are inclined to think that well-defined private
property rights are a necessary condition for an efficient resource allocation.
However, no economic evidence so far supports the introduction of such data pro-
ducer’s right: further research is required.126 Indeed, the subject matter and scope of
protection of the new right should be based on the interests and uses deserving
protection and in framing the new regime economic arguments play a key role.127 At
the moment, there seems to be no significant market failures (despite it is not
excluded that this can occur, in principle). The industry is not concerned to establish
complex contractual arrangements for managing their data.128 The same orientation
emerged from the recent public consultations launched by the Commission.129 The
complexity of the market is still not clear. Probably, it may be necessary to await a
121
Osborne Clarke (2016), p. 86.
122
Drexl (2016), p. 6.
123
European Commission, Joint Research Centre (2017).
124
Hugenholtz (2018).
125
Zeno-Zencovich (2018), p. 3.
126
European Commission’s Joint Research Centre (2017) and Kerber (2016).
127
Drexl (2016).
128
Osborne Clarke (2016).
129
European Commission (2016) Synopsis report on the contributions to the public consultation
regulatory environment for data and cloud computing. https://ec.europa.eu/digital-single-market/
en/news/synopsis-report-contributions-public-consultation-regulatory-environment-
data-and-cloud.
more mature commercial landscape to formulate if and what legislative intervention

would be most appropriate.130
Introducing new exclusive rights in data does not seem appropriate in the
data economy and it apparently does not fit with the main goal of ensuring a free
flow of data. At the current stage, it is impossible to predict where value will be
created. Access to data and the creation of knowledge should therefore be guar-
anteed. There is no room for experimenting new rights, that are in fact very dif-
ficult to be reversed once introduced in the legal system. The Database Directive
offers a valuable example. Despite the evaluation of the Database Directive
done by the European Commission in 2005—after 10 years, showed that the
Directive had no positive effect (and that instead in the US after Feist—despite
no new right on data was introduced, the database industry significantly grew),131
in 2017 the Commission has launched a new consultation with the aim of con-
firming the Directive.132 The result is that there is little evidence and unclarity
regarding the application and effects of the Directive. However, there is no plan
for a U-turn.
Considering the three characteristics of big data—volume, velocity, and variety,
it is reasonable to say that in the data economy, access is more important than prop-
erty in the data. Indeed, in the data-economy, granting access equates to possessing
information in traditional property categorizations. Hence, efforts should go into the
direction of investigating the possibility of promoting access to information in a
pro-competitive way, where factual control creates a lock-in effect,133 particularly in
relation to the sources of information (i.e., where the analysis of real-time data can
take place).134 As an alternative to an exclusive right (in line with the options pro-
posed by the Commission), exploring access to data against remuneration (adopting
a liability rule instead of a property rule) seems fitting best the data-economy. In that
case, it could be considered degrading a property right to a right to compensation,
which could happen at Fair, Reasonable, and Non-Discriminatory (FRAND) condi-
tions. In fact, the original proposal of the Database Directive included a similar
provision, with an obligation to license on non-discriminatory terms where the data
were not available from other sources (that was eventually discharged).135 However,
130
Same conclusion reached by Osborne Clarke (2016).
131
European Commission (2005) First evaluation of Directive 96/9/EC on the legal protection of
databases, DG Internal Market and Services Working Paper, Brussels. http://ec.europa.eu/inter-
nal_market/copyright/docs/databases/evaluation_report_en.pdf.
132
See European Commission website newsroom, Commission launches public consultation on
Database Directive, posted on 24 May 2017. https://ec.europa.eu/digital-single-market/en/news/
commission-launches-public-consultation-database-directive.
133
Drexl (2016).
134
Surblyte (2016).
135
COM (92) 24, p. 4, recital 31, Art. 8. See Banterle (2018) and the European Commission’s
Explanatory memorandum to the Proposal for a Council Directive on the legal protection of data-
bases COM (92) 24 final.
224 F. Banterle
as it is currently happening in certain contexts,136 applicability of such obligations

should be sector-based: the data-economy is growing too fast and show too many
different situations that one rule for all sub-markets seems difficult to achieve, and
this is arguing against a regime of general applicability. Again, data indispensability
must be further analyzed and provide economic evidences137—with extreme pru-
dence when it comes to take any action to make more data available for reuse.
Meanwhile, the Commission can also support industry by promoting contractual
models, standardization agreements, and standardized tools that allow access, pro-
cessing, collection, and interoperability of data.
References
Banterle F (2018) The interface between data protection and IP law: the case of trade secrets and
the database sui generis right in marketing operations, and the ownership of raw data in big
data analysis. In: Bakhoum et al (eds) Personal data in competition, consumer protection and
intellectual property law. MPI Stud. Intellec. Property, vol 28. Springer, pp 411–443
Banterle F, Ghidini G (2018) A critical view on the European Commission’s Proposal for a
Directive on copyright in the Digital Single Market. Giur Comm 6:921–957
Bird & Bird (2017) White Paper - data ownership in the context of the European data economy:
proposal for a new right. https://sites-twobirds.vuture.net/1/773/landing-pages/white-paper-
form.asp
De Franceschi A, Lehmann M (2015) Data as tradable commodity and new measures for their
protection. Ital Law J:51–72
Drexl J (2016) Designing competitive markets for industrial data – between propertisation and
access. Max Planck Institute for Innovation and Competition Research, Paper No. 16-13
Drexl J, Hilty R et al (2016) Position statement of the Max Planck Institute for Innovation and
Competition on the current debate on exclusive rights and access rights to data at the European
level. GRUR Int 65(10):914–918
European Commission, Joint Research Centre (Duch-Brown N, Martins B, Mueller-Langer F)
(2017) The economics of ownership, access and trade in digital data. JRC Digital Economy
Working Paper 2017-01
136
See SWD (2017) 2 final, p. 21. Sector-specific legislation regulates the access to private non-
personal data. Regulation 715/2007 regulates access to in-vehicle data for supporting the market
for after-sales services—maintenance and repair (Art. 6). Data does not have to be provided for
free, but under a reasonable and proportionate fee (Art. 7). The ITS Directive (Directive 2010/40/
EU of the European Parliament and of the Council of 7 July 2010 on the framework for the deploy-
ment of Intelligent Transport Systems in the field of road transport and for interfaces with other
modes of transport, OJ L 207) calls for actions to allow the sharing and exchange of transport and
traffic data. The Payment Services Directive (Directive 2015/2366/EU revising Directive 2002/65/
EC) also regulates access to ‘payment information’ under certain conditions, thus favoring the
development of fintech industry.
137
See SWD (2017) 2 final, p. 21, recalling the main conditions outlined by the CJEU for any
action based on competition law principles to lead to an obligation to license the use of commercial
information: (i) that the data is indispensable for the downstream product; (ii) that there would not
be any effective competition between the upstream and downstream product; (iii) that refusal pre-
vents the emergence of the second product; and (iv) there is no objective reason for the refusal. See
also Drexl (2016), p. 48.
Ginsburg JC (2018) People not machines: authorship and what it means in the Berne Convention.
IIC 49:131–135
Hoeren T (2014) Big data and the ownership in data: recent developments in Europe. EIPR
36(12):751–754
Hugenholtz P (2018) Against ‘Data Property’. In: Ullrich H, Drahos P, Ghidini G (eds) Kritika:
essays on intellectual property, vol 3. Edward Elgar Publishing, Cheltenham, pp 48–71
Kerber W (2016) A new (intellectual) property right for non-personal data? An economic analysis.
GRUR Int 989
Malgieri G (2016) Property and (intellectual) ownership of consumers’ information: a new tax-
onomy for personal data. PinG 4:133
Mattioli M (2014) Disclosing big data. Minn Law Rev:535–583
Metzger A, Efroni Z, Mischau L, Metzger J (2018) Data-related aspects of the digital content
directive. JIPITEC. https://www.jipitec.eu/issues/jipitec-9-1-2018/4682
OECD (2015) Data-driven innovation: big data for growth and well-being. OECD Publishing
Osborne Clarke (2016) Legal study on ownership and access to data. European Union Bookshop
Ottolia A (2017) Big data e innovazione computazionale. Giappichelli, Turin
Perry M, Margoni T (2010) From music tracks to Google maps: who owns computer-generated
works? Comput Law Secur Rev 26:621–629
Purtova N (2015) The illusion of personal data as no one’s property. Law Innov Technol 7(1):83
Ramalho A (2017) Will robots rule the (artistic) world? A proposed model for the legal status of
creations by artificial intelligence systems. J Internet Law 21(1):12–25
Rees C (2014) Who owns our data? Comput Law Secur Rev 30(1):75
Resta G (2011) Nuovi beni immateriali e numerus clausus dei diritti esclusivi. In: Resta (ed) Diritti
esclusivi e nuovi beni immateriali. Utet
Sholtz P (2001) Transaction costs and the social costs of online privacy. First Monday 6(5). http://
firstmonday.org/ojs/index.php/fm/issue/view/133
Specht L, Zerbst J (2018) Considering the relationship between the civil law treatment of data and
data protection law in Germany. JIPLP 13(6):504–512
Surblyte G (2016) Data as a digital resource. Max Planck Institute for Innovation and Competition
Research Paper No. 16-22
Ubertazzi LC (2014) Proprietà intellettuale e privacy. Foro it.: 3-16
Van Erp S (2009) From ‘classical’ to modern European property law? In: Sakkoulas, Bruylant
(eds) Essays in honour of Konstantinos D. Kerameus, pp 1517–1533 (also available at SSRN:
http://ssrn.com/abstract=1372166)
Van Erp S (2017) Ownership of digital assets and the numerus clausus of legal objects. Maastricht
European Private Law Institute Working Paper No. 2017/6. Available at SSRN: https://ssrn.
Victor JM (2013) The EU general data protection regulation: toward a property regime for protect-
ing data privacy. Yale Law J 123(2):266
Wiebe A (2016) Protection of industrial data: a new property right for the digital economy? JIPLP
12(1):62–77
Zech H (2015) Information as property. JIPITEC 6:192
Zech H (2016a) Data as a tradable commodity. In: De Franceschi (ed) European contract law and
the Digital Single Market. Intersentia, pp 51–79
Zech H (2016b) A legal framework for a data economy in the European Digital Single Market:
rights to use data. J Intellect Prop Law Pract 11:460–470
Zech H (2017) Data as a tradeable commodity – implications for contract law. In: Drexl (ed)
Proceedings of the 18th EIPIN congress: the new data economy between data ownership,
privacy and safeguarding competition. Edward Elgar Publishing, forthcoming. Available at
SSRN: https://ssrn.com/abstract=3063153
Zeno-Zencovich V (1989) Cosa. In: Digesto delle discipline privatistiche. Utet, vol IV, p 438
Zeno-Zencovich V (2018) Dati, grandi dati, dati granulari e la nuova epistemologia del giurista.
Medialaws, 2
Chapter 10
Net Neutrality: Chances and Challenges
in the Information Age
Ioannis Iglezakis
Abstract Traffic management on the internet might lead to discriminatory prac-

tices, in case network operators block or degrade online services that compete with
their own services. Such practices jeopardize the open character of the internet and
stifle competition on the net. In the EU, the European Commission acknowledged
in 2009 its commitment in preserving the open and neutral character of the internet,
and vowed to enshrine net neutrality as a policy objective and a regulatory principle.
Consequently, Regulation 2015/2120 was adopted aiming to safeguard equal and
non-discriminatory treatment of traffic on the provision of internet access services
and related users’ rights. Providers of internet services are allowed, however, to
apply reasonable traffic management in accordance with objectively justified tech-
nical requirements. The situation is different in the U.S., where the rules on net
neutrality, that were adopted by the Federal Communications Commission in 2015,
were repealed in December 2017. However, several U.S. states have introduced
state legislation to ensure net neutrality, and this has been challenged before the
courts. Contentious issues related to net neutrality appear additionally on the intro-
duction of the 5G mobile network standard.
1 Introduction
The internet is a global network connecting individuals and businesses worldwide.

It owes much of its success to the fact that it is an open network, allowing easy and
low-cost access and use of its services. Its architecture is indeed unique, as it is a
decentralized network with no dependency on a central distribution system, which
uses a packet-switching technology that cannot be controlled by traditional mecha-
nisms used in telecommunications.1 Mainly because of this characteristic, the
internet was subject to a liberal regulatory regime already from the beginning. This
See Savin (2013), p. 5.

1
I. Iglezakis (*)
Aristotle University of Thessaloniki, Thessaloniki, Greece

https://doi.org/10.1007/978-3-030-25579-4_10
228 I. Iglezakis
liberal approach is enshrined in the existing legal framework. In the European Union
(EU), Directive 2000/31 (E-Commerce Directive) includes, inter alia, the principle
that the activities of information society service providers may not be made subject
to prior authorization by the state.2 In the U.S., the Federal Communications
Commission (FCC) does not regulate information technology services, unlike elec-
tronic communication services, although the internet uses the telecommunications
infrastructure.3
A great challenge to the openness of the internet are the traffic management
practices put in place by network operators. Modern technology allows internet
service providers (ISPs) to prioritize traffic with a low latency threshold, such as
VoIP, and streaming media over traffic with a high latency threshold, such as web
browsing or music download. While providers argue that in this way they can use
more efficiently the limited bandwidth to provide better services, it has been argued
that this allows them to discriminate against certain applications or data types, and
thus, worsen the quality of competitive services, such as Skype, YouTube or Netflix,
or even slow-down upload speed and thus, make it difficult to use file or video shar-
ing services.4
These practices endanger the open character and the neutrality of the internet,
i.e., the provision of the same standard of service regardless of the application and
content used and open the way to ISPs to discriminate between different applica-
tions and content distributed on the internet.5
To deal with this situation, the EU has adopted rules on net neutrality, i.e., the
principle of safeguarding equal and non-discriminatory treatment of traffic on the
internet, with the objective to preserve the openness of the internet. Interestingly in
the U.S., the FCC adopted the Open Internet Order in 2015 that also dealt with this
issue. It prohibited broadband providers from blocking or slowing traffic, as well as
from promoting paid prioritization. These rules were challenged by internet provid-
ers that argued that they stifled investment and thus, they were repealed by the
Republican led government in December 2017. This left the EU as the sole propo-
nent of net neutrality protection at international level.
2 Definition of Net Neutrality
Network neutrality or in other words, net neutrality, is referred to as ‘The First

Amendment of the Internet’,6 meaning that it is a fundamental principle of cyber-
space. One of the front-runners in this area, Tim Wu, referred to net neutrality as “a
principle according to which the network does not favor one application over
2
E-Commerce Directive, Article 4.
3
See Oxman (1999).
4
See Murray (2013), p. 16.
5
See Nunizato (2009); Murray (2013), p. 7.
6
See LSE Media Policy Project Blog (2011).
10 Net Neutrality: Chances and Challenges in the Information Age 229
others” and “to treat all content, sites, and platforms equally”,7 while Murray stated
that it is “the principle that data packets on the internet should be moved impartially,
without regard to content, destination or source”?.8 These definitions evidently con-
centrate on technical aspects of the network and impose the application of the prin-
ciple of non-discrimination to internet traffic.
Net neutrality is a regulatory principle, and as such, it is not defined expressis
verbis in legislation. However, Article 8 (4) (g) of Directive 2002/21(Framework
Directive),9 in its previous form, provided that national regulatory authorities should
be obliged to promote the interests of the citizens of the EU by promoting the ability
of end-users to access and distribute information to run applications and services of
their choice, without prejudice to national measures laid down to fight illegal activi-
ties. This definition is now included in the preamble of Regulation (EU) 2015/2120,
laying down measures concerning open internet access (Regulation 2015/2120 or
Regulation),10 which established rules on open internet access.11
Under the preamble of Regulation 2015/2120, “the measures provided for in this
Regulation respect the principle of technological neutrality, that is to say, they nei-
ther impose nor discriminate in favor of the use of a particular type of technology”.12
This is further exemplified, as it is mentioned that “end-users should have the right
to access and distribute information and content, and to use and provide applica-
tions and services without discrimination, via their internet access service.”13
Arguably, net neutrality is not only concerned with the content of internet traffic.
It also implies the right of individual users to enjoy uninhibited access to the use of
online services, and thus, a rights-based approach appears more appropriate than the
U.S. approach which was oriented towards regulating broadband services as a pub-
lic utility and classifying high-speed internet as a telecommunications service.
7
See Wu (2003).
8
See Murray (2013), p. 25.
9
Directive 2002/21/EC of the European Parliament and of the Council of 7 March 2002 on a com-
mon regulatory framework for electronic communications networks and services, OJ L 108/33,
24.4.2002.
10
Regulation (EU) 2015/2120 of the European Parliament and of the Council laying down mea-
sures concerning open internet access and amending Directive 2002/22/EC on universal service
and users’ rights relating to electronic communications networks and services, and Regulation
(EU) No 531/2012 on roaming on public mobile communications networks within the Union, OJ
L 301/1.
11
Ibid, Recital. 3.
12
Ibid, Recital 2.
13
Ibid, Recital 6.
230 I. Iglezakis
3 The Rationale for Net Neutrality
Rules on net neutrality are important because they are purported to maintain the
open character of the internet, and allow internet users to gain access to online con-
tent and services without any discrimination and hinderance from service providers.
For businesses, this means that they will not be forced to pay so that their services
(i.e., streaming services) are not blocked or throttled.14 For start-up businesses, it is
also important to compete on same terms with bigger companies, when offering
online services.
A prominent example of discriminating internet content by an ISP was the
U.S. Comcast case in 2017. Comcast, which is the largest internet access provider
in USA, throttled traffic to BitTorrent, a peer-to-peer service. A complaint was filed
with the FCC by non-profit advocacy organizations alleging that Comcast’s action
violated the FCC Internet Policy Statement. More specifically, they stated that “con-
sumers are entitled to access the lawful Internet content of their choice… [and] to
run applications and use services of their choice”. Consequently, the FCC issued an
order prohibiting Comcast from interfering with subscribers’ use of peer-to-peer
software and ruled that it impeded consumers’ ability to access content and use their
desired applications. The FCC’s decision was appealed by Comcast and the
D.C. Circuit Court of Appeals vacated the decision.15
In the EU, the Body of European Regulators of Electronic Communications
(BEREC) issued a report in 201216 in which it presented its findings on traffic man-
agement practices in Europe. Accordingly, almost one third of internet access sub-
scribers were affected by such practices (blocking or throttling). Such restrictions
were related to specific types of traffic such as peer-to-peer traffic on fixed and
mobile networks, as well as blocking of VoIP traffic, mostly on mobile networks,
whereas in a number of cases preferential treatment was given to specific types of
traffic or applications at peak times, such as http, DNS, VoIP, gaming, instant mes-
saging, etc., and lower priority was given to applications such as file downloading,
P2P, etc.
It should be noted that network neutrality is not uncontested and providers of
electronic communications to the public perceive it as a constraint on price dis-
crimination, since regulations impose direct restrictions on ISP pricing. They also
state that elements of network neutrality impose regulatory burdens on ISPs, and
that network neutrality requirements constitute a “confiscatory” and unlawful “tak-
ing” of their property, as they cannot profit the most with complete freedom to capi-
talize on their investment in the next generation infrastructure.17 It is therefore
evident that any legislation should attempt to strike a balance between the interests
14
See, i.e., European Commission - Fact Sheet, Roaming charges and open Internet: Questions and
answers, 30 June 2015.
15
Comcast Corp. v. FCC, 600 F.3d 642 (D.C. Cir. 2010).
16
BEREC (2012).
17
See Frieden (2007).
of providers and network operators, who must be able to keep investing and innovat-
ing in a competitive environment, and end-users, who must be able to access and
distribute the content, services, and applications of their choice.
4 Regulatory Models
In the U.S. and the EU, there are different regulatory models in place regarding net
neutrality.
4.1 USA
In 2015, the U.S. Federal Communication Commission adopted the Open Internet

rules to protect and maintain open, uninhibited access to lawful online content.
These rules prohibited18: (a) blocking: broadband providers could not block access
to lawful content, applications, services or non-harmful devices; (b) throttling:
broadband providers could not deliberately target some lawful internet traffic to be
delivered to users more slowly than other traffic; (c) paid prioritization: broadband
providers could not favor some internet traffic in exchange for consideration of any
kind. Internet service providers are also banned from prioritizing content and ser-
vices of their affiliates.
These rules also put in place standards going forward to ensure that ISPs cannot
engage in new or different practices, outside those three prohibitions, that would
cause similar harms to the open internet.
However, the Trump administration withdrew the rules on net neutrality adopted
by the Obama administration, arguing that these rules are impeding investment, and
instead, lighter regulation is necessary.19 Namely, on January 4, 2018, the FCC
issued the Restoring Internet Freedom Order that took effect on June 11, 2018.
The new FCC framework consists of three parts: (a) consumer protection: the
Federal Trade Commission will police and take action against ISPs for anticompeti-
tive acts or unfair and deceptive practices; (b) transparency: ISPs must publicly
disclose information regarding their network management practices, performance,
and commercial terms of service through their company website or the FCC’s web-
site; (c) removal of unnecessary regulations, i.e., applying Title II of the
Communications Act of 1934 to network providers to promote broadband
investment.
Online content companies, such as Google, Amazon, Twitter, Facebook,
Dropbox, Ebay, and others reacted against this rule change, arguing that telecom
operators would discriminate against specific content and that ‘fast lanes’ would be
18
FCC, Restoring Internet Freedom.
19
See Trump’s plan to overturn net neutrality rules to face ‘a tsunami of resistance’, Rushe (2017).
232 I. Iglezakis
created for those that would agree to pay broadband providers.20 Furthermore, oppo-
nents of the repeal of net neutrality rules expressed their concern that ISPs will have
excessive control over the internet and even initiate the splitting and trading of
access to particular services in bundles, similarly to cable-TV services.21
Despite the repeal of the FCC rules, many U.S. states introduced net neutrality
legislation, but the U.S. Justice Department and trade groups representing internet
providers challenged these state laws before the courts.22
4.2 EU
In the EU, Regulation 2015/2120 enshrined Net Neutrality following previous leg-
islative initiatives. The telecommunications regulatory framework, which was
enacted in 2009, included various provisions reflecting this principle that although
not directly addressed certainly influenced EU telecom policies at that time.
In particular, various amendments were made to the regulatory framework before
the enactment of Regulation 2015/2120. Firstly, Article 8 of the Framework
Directive (as amended by Directive 2009/14023 and Regulation 544/200924) pro-
vides that National Regulatory Authorities (NRAs) shall promote the interests of the
citizens of the EU by, inter alia, promoting the ability of end-users to access and
distribute information or run applications and services of their choice. Secondly,
Article 20 (1)(b) of Directive 2002/22/EC (Universal Sales Directive)25 provides
that consumers and end-users have the right of information concerning traffic man-
agement, i.e., to receive “information on any other conditions limiting access to
and/or use of services and application where such conditions are permitted under
national law in accordance with Community law”. Under Article 20 (2) of this
Directive, subscribers have the right to cancel their contract with a provider of elec-
tronic communications to the public if they receive notice of modification to the
contractual conditions. Thirdly, transparency requirements are established in Article
21 (3)(c) and (d) of the Universal Service Directive that provide that NRAs are able
20
Coren (2017).
21
Sasko (2017).
22
See, i.e., Shepardson (2018).
23
Directive 2009/140/EC of the European Parliament and of the Council of 25 November 2009
amending Directives 2002/21/EC on a common regulatory framework for electronic communica-
tions networks and services, 2002/19/EC on access to, and interconnection of, electronic commu-
nications networks and associated facilities, and 2002/20/EC on the authorisation of electronic
communications networks and services, OJ L 337/37, 18.12.200.
24
Regulation (EC) No 544/2009 of the European Parliament and of the Council of 18 June 2009
amending Regulation (EC) No 717/2007 on roaming on public mobile telephone networks within
the Community and Directive 2002/21/EC on a common regulatory framework for electronic com-
munications networks and services, OJ L 167/12, 29.6.2009.
25
Directive 2002/22/EC on universal service and users’ rights relating to electronic communica-
tions networks and services as amended by Directive 2009/136 OJ L 108/51.
to oblige undertakings providing public electronic communications networks and/

or publicly available electronic communications services to inter alia: (i) inform
subscribers of any change to conditions limiting access to and/or use of services and
applications, where such conditions are permitted under national law in accordance
with community law and (ii) provide information on any procedures put in place by
the provider to measure and shape traffic to avoid filling or overfilling a network
link, and on how those procedures could impact on service quality. Finally, Article
22 (3) of the Universal Service Directive gives NRAs the right to intervene to pre-
vent the degradation of service and the hindering or slowing down of traffic over
networks. In such cases, NRAs are able to set minimum quality of service (QoS)
requirements on an undertaking or undertakings providing public communications
networks.
The EU Commission appeared to endorse the principles included in the FCC’s
open internet rules and Neelie Kroes, the Vice President of the European Commission,
Commissioner for the Digital Agenda, proposed five principles upon which rules on
net neutrality should be based.26 First, it stated that freedom of expression is fun-
damental. Any outcome that may put in danger freedom of speech is not supported.
Furthermore, transparency is non-negotiable. In a complex system like the inter-
net, it must be clear what the practices of operators controlling the network mean for
all users, including consumers. Thirdly, it claimed that we need investment in effi-
cient and open networks. Clear regulatory measures must be adopted to foster
investment in new efficient and open networks. Deploying such networks and pro-
moting infrastructure competition may be the best way to avoid bottlenecks and
monopolistic gatekeepers, thereby ensuring net neutrality. Fourthly, the Commission
referred to fair competition. On this principle, it must be made clear that every
player on the value chain should be free to fairly position himself to offer the best
possible service to his customers or end-users. Any commercial or traffic manage-
ment practice that does not follow objective and even-handed criteria, applicable to
all comparable services, is potentially discriminatory in character. Discrimination
against undesired competitors (for instance, those providing voice over internet ser-
vices) should not be allowed. Finally, the Commission referred to support for inno-
vation. There must be opportunities for new efficient business models and innovative
businesses. Over time, one should continue to monitor whether traffic management
is a spur to future network investment, and not a means of exploiting current net-
work constraints.
Network neutrality was included as part of the Telecoms Single Market Proposal
to the EU Parliament and the Council,27 and the reason was that there were fears that
the enactment of divergent national legislations would lead to inconsistencies and
incompatibilities that would hamper the European single market.28 Subsequently, on
26
See Kroes (2010).
27
Proposal for a Regulation of the European Parliament and the Council laying down measures
concerning the European Single Market for Electronic Communications and to achieve a con-
nected continent COM (2013) 627 final.
28
Regulation 2015/2120, Recital 3.
234 I. Iglezakis
November 25, 2015, Regulation 2015/212029 was adopted with a view to safeguard
equal and non-discriminatory treatment of traffic in the provision of internet access
services and related users’ rights. Its objective is not only to provide protection to
end-users but also guarantee the functioning of the internet ecosystem. It considers
that the internet has been developed as an open platform with low access barriers for
a multitude of players, such as users and providers, and that the regulatory frame-
work promotes such ability. The openness of the internet can, however, be jeopar-
dized by traffic management practices blocking or slowing down specific applications
or services and may affect a significant number of end-users.30
It has also been considered that if Member States take measures against such
practices, this may lead to fragmentation of the internal market. Indeed, network
neutrality rules have been enacted in the Netherlands, Slovenia, and Finland. More
specifically, the Dutch law was enacted in 2011 as a response to public outcry over
the announcement of a network operator which intended to introduce a “chat
charge” for users of IP messaging applications, such as WhatsApp, to deal with the
negative impact that these services had over traditional SMS services.31
The choice of the European legislator to enact a regulation rather than a directive
practically means that it has direct effect on EU Member States and does not need
to be transposed into national law.32 Furthermore, according to its title, it applies
additionally to European Economic Area (EEA) States.
The subject matter and scope of Regulation 2015/2120 is defined in Article 1,
which provides that it establishes common rules to safeguard equal and non-
discriminatory treatment of traffic in the provision of internet access services and
related end-users’ rights, but also sets up a new system for roaming services to abol-
ish roaming surcharges.
On the definitions of most used terms, Regulation 2015/2120 makes a reference
to Article 2 of Directive 2002/21. Additionally, it provides definitions of ‘providers
of electronic communications to the pubic’ and ‘internet access services’.
To achieve the goal of safeguarding open internet access, the Regulation estab-
lishes a set of users’ rights. It does not make use of the term ‘network neutrality’
neither in its title nor in its content, but the rights enshrined by it have the perspec-
tive of achieving this objective.
Article 3(1) provides that: “end-users shall have the right to access and distribute
information and content, use and provide applications and services, and use termi-
nal equipment of their choice, irrespective of the end-user’s or provider’s location or
the location, origin or destination of the information, content, application or service,
29
Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November
2015 laying down measures concerning open internet access and amending Directive 2002/22/EC
on universal service and users’ rights relating to electronic communications networks and services
and Regulation (EU) No 531/2012 on roaming on public mobile communications networks within
the Union, OJ L 310/1, 26.11.2015.
30
Ibid.
31
Marcus (2016), p. 270.
32
See Article 288 TFEU.
via their internet access service.” These rights are without prejudice to Union law or
national law on the lawfulness of content, applications, or services.33 It is high-
lighted that providers of internet access services should not restrict connectivity to
any accessible end-points of the internet,34 and not impose restrictions on the use of
terminal equipment connecting to the network in addition to those imposed by man-
ufacturers or distributors of terminal equipment under the Union law.35
Furthermore, Article 3 (2) provides that: “agreements between providers of inter-
net access services and end-users on commercial and technical conditions and the
characteristics of internet access services such as price, data volumes or speed, and
any commercial practices conducted by providers of internet access services, shall
not limit the exercise of the rights of end-users laid down in paragraph 1.” This right
is particularly important, since end-users must be free to agree with providers of
internet access services on tariffs for specific data volumes and speed of the internet
access service. In addition, any commercial practices of internet access services
should not limit the exercise of those rights, and thus, NRAs and other competent
authorities should be empowered to intervene where end-users’ choice is essentially
reduced.36
Further, under Article 3 (3), “providers of internet access services shall treat all
traffic equally, when providing internet access services, without discrimination,
restriction or interference, and irrespective of the sender and receiver, the content
accessed or distributed, the applications or services used or provided, or the termi-
nal equipment used.” As pointed out in the preamble of the Regulation, comparable
situations should not be treated differently, and different situations should not be
treated in the same way unless such treatment is objectively justified.37
The Regulation also addresses traffic management measures. The objective of
such measures, in general, is to contribute to an efficient use of network resources
and to an optimization of overall transmission quality responding to the objectively
different technical quality of service requirements of specific categories of traffic,
and thus of content, applications, and services transmitted.38 As it is evident, such
measures may not be totally prohibited if they appear to be justified.
Under the second subparagraph of Article 3(3), providers of internet access ser-
vices may implement reasonable traffic management measures, to mitigate the
effects of congestion and even take preventive action for this purpose. To be deemed
reasonable, such measures must be transparent, non-discriminatory and proportion-
ate, and shall not be based on commercial considerations but on objectively differ-
ent technical quality of service requirements of specific categories of traffic, i.e.,
VoIP.
33
Regulation 2015/2120, Recital 6.
34
Ibid, Recital 4.
35
Ibid, Recital 5.
36
Ibid, Recital 7.
37
Ibid, Recital 8.
38
Ibid, Recital 9.
236 I. Iglezakis
When adopting such measures, according to the above provision, internet access
providers must not block, slow down, alter, restrict, interfere with, degrade, or dis-
criminate between specific content, applications or services, or specific categories
thereof, except as necessary, and only for as necessary to: (a) comply with Union
legislative acts, or national legislation that complies with Union law, to which the
provider of internet access services is subject, or with measures that comply with
Union law giving effect to such Union legislative acts or national legislation, includ-
ing orders by courts or public authorities vested with relevant powers; (b) preserve
the integrity and security of the network, of services provided via that network, and
of the terminal equipment of end-users; and (c) prevent impending network conges-
tion and mitigate the effects of exceptional or temporary network congestion, pro-
vided that equivalent categories of traffic are treated equally.
Thus, traffic management measures to avoid network congestion are accepted, if
the above requirements are fulfilled. In any case, paid prioritization of traffic is pro-
hibited. Under the Regulation, traffic management practices must be based on
objective technical requirements rather than on commercial considerations, and
must treat equivalent types of traffic equally.39
The Regulation allows the provision of specialized services, i.e., services pro-
vided in addition to internet access services, such as IPTV or HD videoconferencing
or healthcare services (telesurgery). These require significant resources to ensure
quality and that might affect the provision of basic internet access services. It there-
fore provides that ISPs may offer or facilitate such services only if the network
capacity is sufficient to provide them additionally to other internet access services,
and they should not be offered as a replacement for such services and should not be
detrimental to their availability or general quality.40
Zero rating, which is a commercial practice used by some ISPs not to count the
data traffic of specific applications, is not strictly prohibited. However, such com-
mercial practices must comply with the provisions of the Regulation that prohibit
any discrimination of internet traffic.
To safeguard transparency of internet access services, the Regulation provides in
Article 4 (1) lit (a)-(e) that providers of such services shall ensure that any contract
which includes internet access services specifies minimum information require-
ments. This information is referring to traffic management measures, limitations,
and explanations of ISPs practices.
Furthermore, providers of internet access services have an obligation to put in
place transparent, simple, and efficient procedures to address complaints of end-
users relating to the rights and obligations (Article 3 and 4, paragraph 1).
Compliance with the above provisions of Articles 3 and 4 is monitored by NRAs.
Under Article 5 (1), they shall closely monitor and ensure such compliance, and shall
promote the continued availability of non-discriminatory internet access services at
levels of quality that reflect advances in technology. In particular, they may impose
39
European Commission - Fact Sheet. Roaming charges and open Internet: questions and answers,
Brussels, 30 June 2015.
40
Regulation 2015/2120, Article 3(5)(2).
requirements concerning technical characteristics, minimum quality of service

requirements and other appropriate and necessary measures on one or more provid-
ers of electronic communications to the public, including providers of internet access
services. They must also publish reports on an annual basis regarding their monitor-
ing and findings, and provide those reports to the Commission and to BEREC.
Infringements of the provisions of the Regulation establishing end-users’ rights
and obligations of providers of internet access services are sanctioned according to
Member States’ law, as provided for in Article 6. The penalties provided for in
Member States’ legislation must be effective, proportionate, and dissuasive, under
the same provision. Most EU Member States have enacted provisions providing
penalties for Net Neutrality infringements, although with certain deficiencies.41
5 Conclusion
In contrast to the developments in the U.S., the EU appears resolved to maintain and
enforce the rules on network neutrality. These rules apply since April 2016, and
consequently, NRAs have assumed responsibility to assess traffic management and
commercial practices to effectively enforce the Regulation.
It is noteworthy that the Greek NRA issued an Annual Report on Open Internet
addressed to the Body of European Regulators for Electronic Communications
(BEREC) on the implementation of the Regulation and stated that it will publish a
national regulation on open internet, specifying the provisions of Regulation 2015/2120.42
The latter was finally adopted with Decision 876/7B of 17-12-2018 of the Greek NRA
and it provides specific obligations of communication service providers and rights to
end-users such as the right of subscribers to require compensation in case the speed of
internet connection is less than the one stipulated in the contract with the user.43
Moreover, BEREC has announced that it intends to review its net neutrality
guidelines to include 5G technologies in conformity with net neutrality principles.44
There is currently a confrontation with the telecom industry, which supports the
relaxing of net neutrality rules to make a 5G-rollout more economically viable.45
From the policy perspective, net neutrality rules have a strong foundation on the
EU consumer policy and the policy for the protection of users of ‘e-services’. In
contrast to USA law, the rationale for net neutrality in the EU is not to assure effec-
tive competition in the market for internet access services, but rather the protection
of end-users from discriminatory practices. Thus, EU net neutrality rules will play
a significant role in the future in Europe more than in other parts of the world.
41
See Epicenter works, Penalties for Net Neutrality Infringements in the EU, https://en.epicenter.
works/document/1255.
42
EETT (2017).
43
EETT (2018).
44
BEREC (2018).
45
EDRI (2018).
238 I. Iglezakis
References
BEREC (2012) A view of traffic management and other practices resulting in restrictions to the
open internet in Europe, 20 May 2012
BEREC (2018) BEREC Work Programme 2019, BoR (18) 174, 4 October 2018
Coren M (2017) Trump’s plan to overturn net neutrality rules to face ‘a tsunami of resistance’.
https://qz.com/1027755/net-neutrality-google-and-amazon-are-fighting-to-save-internet-s-
that-trump-says-are-killing-business
EDRI (2018) Net neutrality vs. 5G: what to expect from the upcoming EU review? https://edri.org/
net-neutrality-vs-5g-what-to-expect-from-the-upcoming-eu-review/?fbclid=IwAR1J4oFbkH
HR8Y2gOAF4o1omJFXTuOQqvd1wwdn331kEh3EvzgnxPZRbuGY
EETT (2017) EETT Annual Report to the European Commission and the European Regulators’
Body for Electronic Communications (BEREC) on the implementation of Regulation
(EU) 2015/2120 on access to the open Internet. http://www.eett.gr/opencms/export/sites/
default/EETT/Electronic_Communications/Telecoms/NetNeutrality/AnnualReport/NN_
report_2016-2017_EETT.pdf
EETT (2018) National Regulation on Open Internet, 876/7B. https://www.eett.gr/opencms/export/
sites/default/admin/downloads/telec/apofaseis_eett/kanonistikes_apofaseis_eett/AP876-007B.
pdf
European Commission - Fact Sheet. Roaming charges and open Internet: questions and answers,
Brussels, 30 June 2015
FCC, Restoring Internet Freedom. https://www.fcc.gov/consumers/guides/open-internet
Frieden R (2007) Internet 3.0: identifying problems and solutions to the network neutrality debate.
Int J Commun 1:461–492
https://www.phillymag.com/business/2017/12/18/comcast-net-neutrality-repeal
Kroes N (2010) Net neutrality in Europe, Address at the ARCEP Conference, Paris, 13th April
2010. http://europa.eu/rapid/press-release_SPEECH-10-153_en.pdf
LSE Media Policy Project Blog (2011) Net-neutrality: the first amendment of the internet.
http://blogs.lse.ac.uk/mediapolicyproject/2011/03/30/net-neutrality-the-first-amendment-
of-the-internet/
Marcus JS (2016) Net neutrality rules in Europe: comparisons to those in the U.S. Colo Technol
Law J 14(2):270
Murray A (2013) Information technology law. The law and society. Oxford University Press,
Oxford
Nunizato D (2009) Virtual freedom: net neutrality and free speech in the internet age. Stanford
University Press
Oxman J (1999) The FCC and the unregulation of the internet, OPP Working Paper No. 31. https://
transition.fcc.gov/Bureaus/OPP/working_papers/oppwp31.pdf
Rushe D (2017) Trump’s plan to overturn net neutrality rules to face ‘a tsunami of resistance’. https://
www.theguardian.com/technology/2017/apr/26/trump-overturn-net-neutrality-rules-resistance
Sasko C (2017) What the FCC’s net neutrality decision means for Comcast (and you). https://
www.phillymag.com/business/2017/12/18/comcast-net-neutrality-repeal
Savin A (2013) EU internet law. Edward Elgar, Cheltenham UK, Northampton MA, USA
Shepardson D (2018) California will not enforce state net neutrality law pending appeal. https://
www.reuters.com/article/us-usa-internet/california-will-not-enforce-state-net-neutrality-
law-pending-appeal-idUSKCN1N02KU
Wu T (2003) Network neutrality, broadband discrimination. J Telecommun High Technol Law
2:141
Chapter 11
Cybersecurity Legislation: Latest
Evolutions in the EU and Their
Implementation in the Greek Legal System
Evangelia Vagena and Petros Ntellis
Abstract Cybersecurity has been attracting a lot of attention lately in

EU. Cybersecurity is a top priority as a necessary condition for EU’s Digital Single
Market. Recent EU and Greek activity in the field resulted in the current legislation
on cybersecurity, which was adopted after a long law-making process aiming at the
modernization of the institutional framework for combating cybercrime. This pro-
cess brought forward significant as well as indispensable amendments. Full imple-
mentation of the newly voted texts demands various initiatives for the implementation
of an institutional framework that will include inter alia the development of official
structures and methods of response to events that threaten the security of informa-
tion systems by criminal acts. This chapter analyses these, the new EU cybersecu-
rity legislative framework with reference to its Greek implementation, and describes
the major key players in combating cybercrime and traces the remaining
challenges.
1 Cybersecurity Definition
With the increasing use of technology in everyday life, from personal computers to
mobile phones, e-commerce, corporate and public sector operations, as well as
Internet-of-Things (IoT), the need to protect interconnected electronic infrastruc-
ture against malicious use becomes more and more imperative. Cybersecurity deals
with this need.
In simple words, since all human activity in developing countries becomes digi-
tal, there is a need to secure this activity against any possible threat so that the ben-
efit from the digital transition overcomes any possible cost.
E. Vagena
Computer Engineering and Informatics Department, University of Patras, Patras, Greece
e-mail: evagena@law.uoa.gr
P. Ntellis (*)
Athens, Greece
e-mail: pntellis17b@amcstudent.edu.gr

https://doi.org/10.1007/978-3-030-25579-4_11
240 E. Vagena and P. Ntellis
Cybersecurity is generally defined as the activities necessary to protect network

and information systems, their users, and affected persons from cyber threats.
“Cyber threat” means any potential circumstance or event that may adversely affect
network and information systems, their users and affected persons.1
2 EU Interest in Cybersecurity
In his annual State of the Union address in 2017, the president of the European
Commission Jean-Claude Juncker stated: “In the past three years, we have made
progress in keeping Europeans safe online. But Europe is still not well equipped
when it comes to cyber-attacks. This is why, today, the Commission is proposing
new tools, including a European Cybersecurity Agency, to help defend us against
such attacks”. The justification behind the European Union (EU) legislative initia-
tives is, in practice, imprinted in the Cybersecurity Strategy of the European Union2
where it is stated that: “Our freedom and prosperity increasingly depend on a robust
and innovative Internet, which will continue to flourish if private sector innovation
and civil society drive its growth. But freedom online requires safety and security
too”. In practice, the European Commission’s initiatives aim to improve online
security, trust, and inclusion. Trust and security are at the core of the Digital Single
Market Strategy.3
Cybercrime has substantial financial costs4 and often political targeting in par-
ticular with the form of “hacktivism”, i.e., of activism that stimulates the combative
advocacy of political, environmental, social, cultural demands and requests of citi-
zens without necessarily defined ideology, hierarchy, or program, and that uses
technological means that foster the dissemination and participation via the internet
for its development.
3 Cyber-Threats
Before discussing about security, we need to know what is the threat to confront.
The most characteristics types of cyber threats are described below.
1
Proposal for a Regulation of the European Parliament and of the Council on ENISA, the “EU
Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and
Communication Technology cybersecurity certification (“Cybersecurity Act”) COM (2017) 477
final.
2
Joint Communication to the European Parliament, the Council, the European Economic and
Social Committee and the Committee of the Regions Cybersecurity Strategy of the European
Union: An open, safe and secure cyberspace, JOIN (2013) 1 final.
3
European Commission (2019).
4
See McAfee (2016).
11 Cybersecurity Legislation: Latest Evolutions in the EU and Their Implementation… 241
3.1 Denial of Services
Denial of Services (DoS)5 attacks had already appeared in 2000 and had reached the
point of being used to carry out operations in the 2008 cyberwarfare. These attacks
are designed to lead to a collapse of the data network of a company or an e-commerce
website by bombarding it with a large volume of data traffic, as if thousands of
people repeatedly called the same telephone number with intent to keep it busy. The
first attack of this kind was recorded in February 2000 when a 15-year old Canadian
hacker orchestrated a series of corresponding attacks against several e-commerce
websites like Amazon.com and eBay.com. In 2005, a private citizen was convicted
for the first time in the US for illegal acts through the use of botnets.6 These are
described as a network of computer systems that have been compromised by a mali-
cious user and can be used for malicious activities without the knowledge of their
owner or legitimate user.7
This type of attack was used in 2008 by Russia against the Republic of Georgia
with the objective, and subsequent result, to prevent Georgia from carrying its own
view of the war that already took place to the rest of the world. This event was pre-
ceded by incidents in Estonia in 2007 and in Lithuania in 2008.8 Additionally in
Greece, a case, with great worldwide publicity, ended with the arrest of the two
domestic creators of the malware “Lecpetex” that infected hundreds of thousands of
computers globally in 2014.
3.2 Data Theft
Data theft is defined as the illegal transfer or storage of information that is confiden-
tial for any reason, whether it concerns individuals, companies, or organizations,
and may include passwords, software code, patents, financial data, etc.9 It is consid-
ered the most serious breaches of security and privacy with potentially major con-
sequences for businesses or individuals. Data theft is usually accomplished in two
ways: either by an offender’s illegal entry into an information system and the copy-
ing or sending of data to them, or by installing malicious software, known as mal-
ware, which sends data to the offender. Data theft targets mainly financial institutions,
companies of all industries, organizations, and individuals.
5
Encyclopedia Britannica (2018).
6
US v. Jeanson James Ancheta, United States District Court for the Central District of California,
Feb 2005 Grand Jury, Case No 05-1060.
7
See ENISA (2019).
8
Tikk et al. (2010).
9
Technopedia (2019).
3.3 Ransomware
Ransomware is a type of malware that prevents a legitimate user of a computer

system from accessing files.10 This is accomplished by encrypting all or part of the
files stored in this system. The legitimate user, to restore access to the files, should
have the decryption key that the offender owns and delivers it to the legitimate user
after a ransom payment, often in the form of cryptography. The ransom may amount
to a few tens of euros up to several hundreds of thousands of euros, depending on
the purpose and type of data encrypted.
3.4 Hacktivism
Hacktivism (from the contraction of the words hack and activism) or electronic civil
disobedience, both in terms of methods and goals, may be of a criminal nature.
Their goal is to protest in a non-violent but still destructive way. Hacktivists usually
rely on three methods to accomplish their goals: public disclosure of private and/or
personal information, DDoS attacks, and defacement of web sites. Although the
disclosure of information and defacement methods may appear less affecting to
public safety, it is still a violation of the law in several cases, as it may include,
among other things, unauthorized access to or use of information systems, access,
copy, transfer, disclosure, and/or modification of private information. On the other
hand, DDoS attacks may interfere with critical information systems’ operations and
in some cases may cause irreversible and possibly lethal damage to people or goods,
i.e. healthcare, water, or power supply industry.
3.5 Financial Costs
In an ever-changing digital landscape, it is vital to keep up with the trends in cyber

threats. The study “The Cost of Cybercrime 2019”11 combines research into 11
developed countries and 16 kinds of business sectors. Companies consisting of 355
participated in the survey to examine the economic impact of cyber-attacks. It was
found that cyber-attacks are constantly changing for the following reasons:
Evolved Targets: Information theft is the most accurate and faster growing con-
sequence of cybercrime, but data is not the only target. Central systems, such as
industrial control systems, are targeting attacks in an attempt to disrupt their opera-
tion or destroy them.
10
Trend Micro (2019).
11
Accenture (2019).
Impact Evolution: While data remains a target, theft is not always the result. A
new wave of cyber-attacks is not about copying, but about destroying or manipulat-
ing them, which causes distrust of these data. The attack on the integrity of data is
the next border.
Advanced Techniques: Cyber criminals are adapting the methods of their attacks.
They use the human factor, the weakest link, as a means of attacking, by increasing
phishing and malicious internal users.
Organizations of all sizes, geographical locations, and industries worldwide have
been affected by the economic and regulatory consequences of cybercrime. Last
year, there has been a significant rise in economic espionage, such as the theft of
high-value intellectual property of states and companies.12
The impact of these cyber-attacks on organizations, industries and society is
essential. Along with the growing number of security breaches, the total cost of
e-crime for each company rose from $ 11.7 million in 2017 to $ 13.0 million. The
2019 analysis13 of nearly 1000 cyber-attacks reported malware as the most common
attack and, in many countries, the costliest to solve. Human-based attacks seem to
be some of the biggest and are constantly rising. The number of organizations and
companies experiencing ransomware attacks has increased by 15% over the course
of a year and has more than doubled in frequency over the past 2 years.14 Phishing
and social engineering attacks are now being handled by 85% of organizations, an
increase of 16% over a year—which is a cause of concern when people are still the
weak link in cyber defense.15
In terms of country loss, the values provided reach up to 1.6% of the gross
domestic product (GDP) in some EU countries.16 Other studies mention figures such
as 425 thousand to 20 million euros per company per year.17 Lastly, it has been
additionally estimated that the economic loss for the global economy can vary from
330 to 506 billion euros (375 to 575 billion $).18 By gathering these findings across
the world, it has been found that the total risked value of cybercrime is 5.2 trillion $
over the next 5 years.19
12
See ENISA (2016a), p. 4.
13
Ibid.
14
Ibid.
15
Ibid.
16
Ibid.
17
Supra n. 5.
18
Ibid.
19
Ibid.
3.6 The “Lecpetex” Case
An illustrative example of the cost of cybercrime in Greece is the “Lecpetex case”.

This is the most famous Greek cybersecurity case up to day. It involved DDosS
attacks, bitcoins, and money laundering. Based on statistics released by the Greek
Police, the botnet used may have infected as many as 250,000 computers.20 These
infections enabled those directing the botnet to hijack the compromised computers
and use them to promote social spam, which affected close to 50,000 accounts at its
peak. On 30 April 2014, the Lecpetex case was escalated to the Cybercrime
Subdivision of the Greek Police. On 3 July 2014, the Greek Police reported that the
investigation had progressed to the final stage and that two suspects were placed in
custody. According to the Greek Police, the botnet creators were in the process of
establishing a Bitcoin “mixing” service to help launder stolen Bitcoins at the time
of their arrest.
4 Cybersecurity Legislation
The first country to adopt relevant legislation was the United States, which already
by 1984 had voted the law for online fraud, the Computer Fraud and Abuse Act of
1984 (CFAA). At international level, in 1990 the UN General Assembly in its deci-
sion emphasized the need to adopt legislation on cybercrime21 and on subsequent
decisions the need to combat counterfeiting (misuse) of Information Technology (in
2000 and 2002).22 At the same time in 1997, the Council of Europe took the initia-
tive for the establishment of a Special Committee of experts, with the scope of
adopting appropriate legislation and fostering international cooperation in tackling
crime in cyber-space. Consequently, the Convention on Cybercrime was organized,
which ended up to the Convention of Cybercrime, also known as the Convention of
Budapest.
4.1 Convention on Cybercrime: ETS No 185
The Convention of Budapest (Convention) was a pioneering text for the start of the
twenty-first century, whose predictions remain valid after 18 years, and that has
been ratified by various countries and especially those that have great internet access
infrastructure and control the highest volume of data over the wire, such as the
USA, Canada, Japan and most EU Member States.
20
See Facebook Notes (2014).
21
United Nations General Assembly (1990) A/RES/45/121.
22
United Nations General Assembly (2002) A/RES/56/121.
At first, the Convention designates the types of crimes in the digital environment
for which penal sanctions should be provided by all contracting States in their exist-
ing substantive criminal laws, such as illegal access on systems (i.e. hacking), data
interference (i.e. DDoS attacks)23 or the construction and general use of programs
with the purpose of committing one of the punishable crimes (trojans, worms etc.).
The Convention includes provisions on criminal procedural law, as well as interna-
tional cooperation with the scope of facilitating the detection and sanction of cyber-
crime cases. In the first section of the Convention Agreement, one finds provisions
relating to: (a) the preservation of stored data on a computer, (b) the preservation
and disclosure of transmitted data, (c) the offer of information, (d) the investigation
and seizure of stored elements, (e) with real time collection of data and (f) monitor-
ing—tapping of data content.
Article 20 of the Convention is of great importance. It provides for the procedure
to be followed by the parties to facilitate the judicial and police authorities to carry
out their inquiries “in real time” (“en temps reel”) so that they collect the necessary
evidence in the geographical boundaries of the national territory before these items
are lost. This provision can be implemented in particular based on Articles 29 to 34
of the Convention on the rapid preservation of data, Article 29, the disclosure of
data, Article 30, investigations and seizures of stored data, Articles 31 and 32, and
spyware traffic data and content, Articles 33 and 34.
The possibility of cross-border access to data without the obligation to comply
with the procedure for the provision of judicial assistance is available solely in two
cases found in Article 32: (a) to data that is accessible to the public (“publicly avail-
able data”, “donnees accessibles au public”, ”open data”) and (b) to data in which
the party has accessed or received through a computer system located within its
territory and which has received the lawful and voluntary consent of the person who
has the legal right to dispose of them via the computer system. The latter category
includes provisions relating to: (a) extradition, (b) applicable under the contract
general principles relating to mutual assistance, (c) the possibility of official infor-
mation, (d) disclosure of data stored in a computer system and (e) disclosure of
traffic data.
What is also interesting to note is the forecast for the spontaneous provision of
information, Article 26, on behalf of a Member State to another when it considers
that elements in the framework of its own investigations can be useful for investigat-
ing other criminal offences in another contracting party.
The effects of cross-border nature of internet crime inflict the transnational coop-
eration furthered through a series of estimates and in particular, the provision for
creating a network of permanent contact points to facilitate the rapid processing of
requests for assistance coming from abroad.24
Due to the increasing flow of immigrants, the adoption of the additional protocol
to the Convention on Cybercrime, concerning the criminalization of acts of a racist
and xenophobic nature that are committed through computer systems, as signed in
23
See Politis et al. (2009).
24
Article 35.
Strasbourg, on 28 January 2013 is of particular importance to the EU. The addi-

tional protocol widens the scope of the Convention on Cybercrime, to address xeno-
phobic and racist nature acts. As racist and xenophobic material is designated any
written material, image or any other representation of ideas or theories, which advo-
cates, promotes or incites hatred, discrimination, or violence, against any individual
or group of individuals, based on race, color, ancestry or national or ethnic origin,
religion, and if used as a pretext for any of these factors.
As it will be analyzed below, Directive 2013/40/EC (known as “Cybercrime
Directive”) on attacks against Information Systems attempted to harmonize the leg-
islation of EU Members States in accordance with the provisions of the Convention
on Cybercrime.
4.2 EU Cybersecurity Legislation Timeline
The most important legislative initiatives on EU cybersecurity policy can be argued

to be the following in a chronological order.
In 2001, the Council framework decision 2001/413/JHA on combating fraud in
regards to forgery of non-cash means of payment25 was adopted. It defines the
fraudulent behaviors that EU Member States need to consider as punishable crimi-
nal offences.
In 2002, Directive 2002/58/EC concerning the processing of Personal Data and
the protection of privacy in the electronic communications sector was adopted,
which is also known as the ePrivacy Directive.26 According to this directive, provid-
ers of electronic communications services must ensure the security of their services
and maintain the confidentiality of client information.
In 2005, the Council Framework Decision 2005/222/JHA of February 24th 2005
on attacks against information systems27 was adopted. It is actually a general deci-
sion aiming to harmonize national provisions in the field of cybercrime, encompass-
ing material criminal law (i.e. definitions of specific crimes), procedural criminal
law (including investigative measures and international cooperation), and liability
issues.
In 2011, Directive 2011/92/EU on combating the sexual exploitation of children
online and child pornography, which better addresses new developments in the
online environment, such as grooming (offenders posing as children to lure minors
25
Council Framework Decision 2001/413/JHA: of 28 May 2001 combating fraud and counterfeit-
ing of non-cash means of payment, OJ L 149/1.
26
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning
the processing of personal data and the protection of privacy in the electronic communications
sector (Directive on privacy and electronic communications), OJ L 201/37.
27
Council Framework Decision 2005/222/JHA of 24 February 2005 on attacks against information
systems, OJ L 69/67.
for the purpose of sexual abuse)28 was adopted. It addressed child sexual abuse
online and all relevant developments in the online environment, such as grooming.
It contains provisions on substantive criminal law and criminal procedure, adminis-
trative measures, and policy measures. It gives Member States clear minimum stan-
dards for sanctions and measures to prevent abuse, combat impunity and protect
victims. The most important improvements introduced by the Directive include
more detailed definition of child pornography, increased criminal penalties, the
criminalisation of possession and acquisition of online child sexual abuse material,
the introduction of a new offence ‘grooming’, and provisions to remove and/or
block websites containing child sexual abuse material (CSAM).
In 2013, Directive 2013/40/EU of the European Parliament (EP) and of the
Council of 12 Aug 2013 on attacks against information systems replacing the
Framework Decision 2005/222/JHA.29 Objectives are to approximate the criminal
law of the Member States in the area of attacks against information systems by
establishing minimum rules concerning the definition of criminal offenses and the
relevant sanctions and to improve cooperation between competent authorities,
including the police and other specialized law enforcement services of the Member
States, as well as the competent specialised Union agencies and bodies, such as
Eurojust, Europol and its European Cyber Crime Centre, and ENISA.
At the same year, the EU Cybersecurity Strategy adopted30 strategic objectives
and concrete actions to achieve resilience, reduce cybercrime, develop cyber-
defence policy and capabilities, develop industrial and technological resources, and
establish a coherent international cyberspace policy for the EU.
In 2015, the Digital Single Market strategy31 was adopted. It aimed to set the
conditions for the free movement of persons, services, and capital by allowing indi-
viduals and businesses to seamlessly access and engage in online activities under
conditions of fair competition, and a high level of consumer and personal data pro-
tection, irrespective of their nationality or place of residence. In this context, Trust
and security are at the core of the Digital Single Market Strategy, and thus fighting
cybercrime became an imperative.
In 2016, there was a Communication on Strengthening Europe’s Cyber Resilience
System and Fostering a Competitive and Innovative Cybersecurity Industry—evalu-
ation and review of Regulation (EU) No 526/2013 of the European Parliament and
28
Directive 2011/92/EU of the European Parliament and of the Council of 13 December 2011 on
the assessment of the effects of certain public and private projects on the environment Text with
EEA relevance, OJ L 26/1.
29
Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on
attacks against information systems and replacing Council Framework Decision 2005/222/JHA,
OJ L 218/8.
30
EU cybersecurity strategy: An open, safe and secure cyberspace, P7_TA (2013) 0376.
31
Economic and Social Committee and the Committee of the Regions, A Digital Single Market
Strategy For Europe, COM (2015) 192 final.
of the Council concerning ENISA (European Agency for Network and Information
Security) and repealing Regulation (EC) No 460/2004 (“ENISA Regulation”).32
At the same year, the Directive on security of network and information systems
that aims to increase the level of cyber security in all EU Member States and their
cooperation for this purpose or the NIS Directive33 was adopted. The Directive
2016/1148 includes measures for a high common level of network and information
systems security throughout the Union and aims for the adoption of measures by all
Member States for a high common level of network and information systems secu-
rity across the EU. The Member States should define, based on certain criteria,
which companies provide essential or vital services in the areas of energy, health,
transport, financial, communications, and water supply. These enterprises should
adhere to certain levels to increase their safety in cyberspace. In addition, they
should report security incidents to the National Authorities. The above were decided
from “lack of adequate registration” since the disclosed attacks or the incidents for
which the authorities are informed about are considerably less than the number of
cybercrime attacks conducted. Usually, companies that are being attacked prefer not
to give details, as it will affect their public image, reputation, reliability, and trust of
their customers. Under the directive, a national single point of contact for the secu-
rity of networks and information systems (“one stop shop”) must be defined and the
establishment of a CSIRTs network, also known as Computer Emergency Response
Teams—CERT. The grace period expired on 9 May 2018. Integration and measures
should have been implemented by 10 May 2018.
In 2017, the Digital Single Market Strategy Mid-term Review was published.34
That was an overview of the Digital Single Market strategy adopted in 2015. It out-
lines that further actions are needed in the areas of data economy, cybersecurity, and
online platforms.
On 13 September of the same year, the Commission adopted a cybersecurity
package. The package builds upon existing instruments and presents new initiatives
to further improve EU cyber resilience and response. A proposal for an EU
Cybersecurity Agency to assist Member States in dealing with cyber-attacks35 is
given. Building on the existing ENISA, the Agency will be given a permanent man-
date to assist Member States in effectively preventing and responding to
32
Economic and Social Committee and the Committee of the Regions, Strengthening Europe’s
Cyber Resilience System and Fostering a Competitive and Innovative Cybersecurity Industry,
COM (2016) 410 final.
33
Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 con-
cerning measures for a high common level of security of network and information systems across
the Union, OJ L 194/1.
34
Economic and Social Committee and the Committee of the Regions on the Mid-Term Review on
the implementation of the Digital Single Market Strategy, COM (2017) 228 final.
35
Report from the Commission to the European Parliament and the Council on the evaluation of
the European Union Agency for Network and Information Security (ENISA), COM (2017) 478
final.
c yber-attacks. It will improve the EU’s preparedness to react by organizing yearly

pan-European cybersecurity exercises and by ensuring better sharing of threat intel-
ligence and knowledge through the setting up of Information Sharing and Analyses
Centres. It will help implement the Directive on the Security of Network and
Information Systems, which contains reporting obligations to national authorities in
case of serious incidents.
On the same day, the Commission proposed a new Directive36 on combating
fraud and counterfeiting of non-cash means of payment aiming at updating the cur-
rent legal framework, removing obstacles to operational cooperation and enhancing
prevention and victims’ assistance, to make law enforcement action against fraud
and counterfeiting of non-cash means of payment more effective. A more effective
law enforcement response focusing on detection, traceability, and the prosecution of
cyber criminals is central to building an effective disincentive to commit such
crimes. The proposed Directive will strengthen the ability of law enforcement
authorities to tackle this form of crime by expanding the scope of the offenses
related to information systems to all payment transactions, including transactions
through virtual currencies. It will also introduce common rules on the level of penal-
ties and clarify the scope of Member States’ jurisdiction in such offenses.
At the same time, a proposal for an EU cybersecurity certification framework37
was published. This proposal aims at establishing a new European certification
scheme that will ensure that products and services in the digital world are safe to
use. The Cybersecurity Agency will help put in place and implement the EU-wide
certification framework that the Commission is proposing to ensure that products
and services are cyber secure. Just as consumers can trust what they eat, thanks to
EU food labels, new European cybersecurity certificates will ensure the trustworthi-
ness of the billions of devices which drive today’s critical infrastructures, such as
energy and transport networks, but also new consumer devices, such as connected
cars (IoT).
In 2018, the Commission presented proposals to facilitate cross-border access to
electronic evidence to step up effective investigation and prosecution of cyber-
enabled crime.38 It also presented its reflections on the role of encryption in criminal
investigations and concrete proposals to facilitate swift cross-border access to elec-
tronic evidence.
36
Proposal for a Directive of the European Parliament and of the Council on combating fraud and
counterfeiting of non-cash means of payment and replacing Council Framework Decision
2001/413/JHA, COM (2017) 489 final.
37
Proposal for a Regulation of the European Parliament and of the Council on ENISA, the “EU
Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and
Communication Technology cybersecurity certification (“Cybersecurity Act”), COM (2017) 477
final.
38
Communication from the Commission to the European Parliament, the European Council and
the Council, Seventeenth Progress Report towards an effective and genuine Security Union, COM
(2018) 845.
Finally, in 2019, the EU Cybersecurity Act39 was adopted. Proposed in 2017 and
adopted in March 2019, the Act brings new developments for the Member States in
the cybersecurity landscape. ENISA is expected to play a broader role in the EU’s
battle against cybercrime. The Commission adopted decisions to ensure that ENISA
cannot only provide advice, assistance, and guidance to Member States but can also
perform operational tasks. The Commission also decided to allocate more resources
to ENISA so it can fulfill its extended role. In addition, the Cybersecurity Act provi-
sions the creation of an EU cybersecurity certification framework for ICT products
and services sold within the EU market, where ENISA will also play an important
role. It will be responsible for preparing the cybersecurity certification schemes in
cooperation with Member States and the industry. The certification framework is the
first EU law that regulates the area of security of online services and consumer
devices. “Security by design” is the key concept behind it. Players in the ICT indus-
try and the market need to adopt information security features in the early stages of
technical design and development of products and services.
5 EU Key Players
5.1 E
NISA: European Union Agency for Network
and Information Security
ENISA as already mentioned is the EU agency for information security. It is a cen-

ter of expertise dedicated in enhancing network and information security in the
EU. The agency, based in Greece, was set up in 2004 to contribute to the overall
goal of ensuring a high level of network and information security within the EU. It
has a fixed-term mandate. In 2013, the new mandate of the agency was established
for a period of 7 years, until 2020. ENISA supports the EU institutions, the Member
States, and the business community in addressing, responding, and especially in
preventing network and information security problems. It also focuses on strength-
ening cooperation between Member States to deal with threats and incidents of
infringement of security of information and the exchange of good practices. It does
so through a series of activities across five areas identified in its strategy.40 At first,
it focuses on providing information and expertise on key network and information
security issues. Secondly, it supports policy-making and its implementation in the
EU. Thirdly, it focuses on capacity for building across the EU (i.e. through train-
ings, recommendations, and awareness raising activities). Fourthly, it aims to foster
39
European Parliament legislative resolution of 12 March 2019 on the proposal for a regulation of
the European Parliament and of the Council on ENISA, the “EU Cybersecurity Agency”, and
repealing Regulation (EU) 526/2013, and on Information and Communication Technology cyber-
security certification (“Cybersecurity Act”) (COM(2017)0477 – C8-0310/2017 – 2017/0225(COD))
P8_TA(2019)0151.
40
ENISA (2013).
the network and information security community (i.e. support to the Computer
Emergency Response Teams (CERTs) and coordination of pan-European cyber
exercises). Lastly, it aims at engaging with stakeholders at international level.
Directive (EU) 2016/1148 (NIS Directive)41 concerning measures for a high
common level of security of network and information systems across the Union
provides important roles to ENISA. At first, it provides the secretariat to the
Computer Security Incident Response Team (CSIRTs Network), established to pro-
mote swift and effective operational cooperation between Member States on spe-
cific cybersecurity incidents and sharing information about risks. Secondly, it is
called on to assist the Cooperation Group in the execution of its tasks. In addition,
the NIS Directive (see above), requires ENISA to assist Member States and the
Commission by providing expertise and advice and by facilitating the exchange of
best practices.
5.2 European Cybercrime Centre (EC3)
In the context of the EU, the European Internet Crime Center (European Cybercrime
Centre—EC3)42 operates within the Europol. The EC3 serves as the focal point of
the fight against cybercrime in the EU. It started its operations in January 2013. EC3
pools European cybercrime expertise to support Member States’ cybercrime inves-
tigations and provides a collective voice of European cybercrime investigators
across law enforcement and the judiciary.
5.3 Global Alliance Against Child Sexual Abuse Online
The Global Alliance against Child Sexual Abuse Online was launched on 5
December 2012, as a joint initiative by the EU and the US, gathering 54 countries
from around the world to fight together against online child sexual abuse.43
At international level, there is an EU-US working group on cyber security and
cybercrime, as well as other international organizations that deal with related issues
such as the Organization for Economic Co-operation and Development (OECD),
the United Nations General Assembly, the International Telecommunication Union
(ITU), the Organization for security and cooperation in Europe (OSCE/OSCE), the
World Summit Meeting on the information society (WSIS), and the Internet
Governance Forum (IGF).
41
Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 con-
cerning measures for a high common level of security of network and information systems across
the Union, OJ L 194/1.
42
European Cybercrime Centre - EC3 (2019).
43
6 The Greek Cybersecurity Framework and Key Players
6.1 Legislation on Cybercrime
The need to adapt the institutional framework in Greece to these circumstances was
self-evident, not only because of its obligation as a Member State in the Council of
Europe (COE) and the EU but primarily because of the need to cover the actual gaps
in national legislation in the field of internet crime aimed at protecting citizens and
states by online unlawful conduct.
On the 3rd of August 2016, the Law on Cybercrime, L.4416/2016-Greek cyber-
crime law (Law), came into force in Greece44 entitled “Ratification of the Council
of Europe Convention on cybercrime and its additional protocol, on the criminaliza-
tion of acts of a racist and xenophobic nature committed through Computer
Systems - transfer to the Greek law of Directive 2013/40/EC of the European
Parliament and of the Council on attacks against information systems and replacing
the framework decision 2005/222/JHA, prison and anticrime policy settings and
other provisions”.
The Law, adopted after a long and eventful law-making process, contributes to
the modernization of the institutional framework for combating cybercrime in
Greece bringing forward indispensable amendments. The ratification of the
Convention was completed in Greece with a delay of 15 years while the deadline for
transposition of Directive 2013/40/EC had been the 4th of September 2016.
Greek national law, up to the introduction of the above-mentioned law, encom-
passed no specialized provisions and in practice, cybercrime was sanctioned mainly
by virtue of the provisions of Law L.1805/1988 titled “Modernization of wine reg-
istry, amended criminal provisions and other related issues”. That law had intro-
duced Articles 370B, 370C, and 386A in the Greek Penal Code to cover at the time
crimes committed through computers. It had also broadened the notion of “docu-
ments” as found in the penal code to include electronic documents in the scope of
the relevant crimes. The lack of specialized provisions had been pointed out on
several occasions by both lawyers and the police that were involved in the investiga-
tion and prosecution of electronic crime in Greece.
The new provisions introduced in 2016 in the national legislative framework
concern the three main offenses that constitute the core of cybercrime in a strict
sense: (a) the illegal access to an information system, (b) unauthorized interference
in an information system and (c) the unlawful intervention in data along with the
offence of interception and of dissemination of tools for the purpose of online
piracy. One common point in all the provisions adopted for e crime in the new law
is that the acts consisting the crime described in each case must be committed by the
accused person “without right” to be characterized as “intentional” crimes. This
44
Official Gazette of the Greek Government No. 142/a/03-08-2016.
way, ethical hacking45 ordered by a company for example to test the security of its
information systems may not be considered as criminal offenses.
Apart from the amendments made to the National Penal Code, the Greek
Cybercrime Law amended the law on the protection of the secrecy of communica-
tions that is Law 2225/1994, as applicable. In particular, it added the newly pro-
vided e crimes (Articles 292A, 292B, 292C, 370C, 370E, 381A, and 381B of the
Greek Penal Code) to the list of Art. 4 of this law that enumerates the crimes for the
investigation of which the lifting of the secrecy of communications is permitted.
This was crucial for the effective detection of e crimes. The protection of secrecy of
communications, as in force in Greece, covers the IP address that every computer
receives on the internet connection, which is one of the most important keys that can
lead to the identity of suspects that commit internet crimes. The last amendment as
described about permits authorities to ask from providers to reveal the identity of
their subscriber to whom a particular IP addressed corresponded at a time detected
as possibly related to an e crime. The same amendment provides for sanctions for
any person that would possibly disclose the fact of lifting the secrecy of communi-
cations to third parties.46
6.2 Legislation on Cybersecurity
Recently, Law 4577/2018 (GG 199/Α'/03-12-2018) transposed Directive 2016/1148/

EU of the European Parliament and of the Council of 6 July 2016 concerning mea-
sures for a high common level of security of network and information systems
across the Union into Greek law (“NIS Directive”).
The Law establishes the national cybersecurity plan and Cybersecurity Authority
in the Ministry of Digital Policy, Telecommunications and Information, designating
the latter with a supervisory and regulatory role. It also provides for the establish-
ment of a Computer Security Incident Response Team (CSIRT).
The new Law sets out important cybersecurity obligations for the following cat-
egories of companies:
• Operators of Essential Services in the fields of energy, transport, credit institu-
tions, financial market infrastructure, health, water supply, and digital
infrastructures.
45
Ethical hacking or penetration testing refers to the exploitation of an IT system with the permis-
sion of its owner to determine its vulnerabilities and weaknesses. It is an essential process of test-
ing and validating an organization’s information security measures and maturity. The results of
ethical hacking are typically used to recommend preventive and corrective countermeasures that
mitigate the risk of a cyber-attack. An ethical hacker is an individual who is trusted to attempt to
penetrate an organization’s networks and/or computer systems using the same knowledge and tools
as a malicious hacker, but in a lawful and legitimate manner. See at https://www.itgovernance.
co.uk/ec-council.
46
Article 5, paragraph 11 of L.2225/1994.
• Providers of Digital services, in particular e-commerce businesses and in gen-

eral, digital services, search engines, and cloud computing providers.
• Businesses falling within the scope of the Law have to adopt technical and orga-
nizational measures for the security of networks and information systems and to
notify the National Cybersecurity Authority and the CSIRT of incidents with a
serious impact on business continuity. The notification must be made without
undue delay and be accompanied by additional information to the Authority
regarding the severity of the relevant incident. The must in general cooperate
with the competent authorities.
The newly established National Cybersecurity Authority is responsible for
assessing the compliance of liable businesses with Law 4577/2018, ordering liable
businesses to provide the necessary information, including security policies and to
correct any breach of compliance.
Following the opinion of the National Cybersecurity Authority, the Minister of
Digital Policy, Telecommunications and Information, imposes sanctions in case of
violation of the provisions of Law 4577/2018 including fines from 15,000 up to
50,000 in case of non-provision or unjustified delay in the provision of information,
if requested by the National Cybersecurity Authority.
6.3 Key National Players in Combatting Cybercrime
In the Greek legal system, many different public as well as private bodies and insti-
tutions can be found involved in tackling cybercrime.
These include, firstly, the Ministry of National Defense, the Directorate of
Cyberdefense of the Hellenic National Defense General Staff (GEETHA), as well
as the Hellenic National Defense General Staff itself as responsible for the adoption
of the National Security Regulation, concerning security policies and the specific
projects implemented by the ministries, public bodies, and public corporations that
hold classified material.
Additionally, the National Intelligence Service, according to L.39/2008 is
responsible for the national CERT (Computer Emergency Response Team) and is
the national authority dealing with online attacks. At the same time, it is a principle
of information security (InfoSec) and ensures the security of communications and
information systems at national level, as well as for the certification of classified
(secret) material of national communications.
The Cybercrime Unit, a Greek Police Division based in Athens, has, as its mis-
sion, the prevention, investigation and repression of crimes or anti-social behavior,
committed through the Internet or other means of electronic communication. It is an
independent agency that reports directly to the Head of the Greek Police. Under the
new Greek Law, and specifically Article 5, it is defined as the focal point for the
fulfilment of the objectives of Article 35 of the Convention.47
47
“24/7 Network”.
The Civil Emergency Planning Directorate (PSEA), that forms part of the
Ministry of Interior, prepares the service schemes for the departments of the General
Secretariat of Administrative Reconstruction and e-Governance. Furthermore, the
Security Studies Centre (KEMEA), found additionally under the Ministry of
Interior, is a founding member of “European Security Organization” in Belgium.
The KEMEA, in collaboration with the Institute of Technology Research (ITR) and
the Aristotle University of Thessaloniki, created the “Hellenic Centre for
Cybercrime” (GCC—Greek Cybercrime Center), which aims to provide training
programs and education, to become a Centre of Excellence on cybercrime
investigation.
The National and Kapodistrian University of Athens established the Laboratory
of Law and Informatics in 2015 with the purpose to drive research in the field of
Law and New Technologies. The subject of Legal Informatics is offered since 2000
as a course in the Law School of the National and Kapodistrian University of
Athens, both at undergraduate and postgraduate levels.
The Hellenic Association of Data Protection & Privacy (HADPP) is a non-profit
group of professionals that aims to raise public awareness on potential risks, to
acknowledge vulnerabilities and help improve business response and standards to
data protection through multidisciplinary practice and collaborative information. It
provides both advice and practical suggestions, especially on upcoming legal frame-
work (GDPR, DPOs, PIAs, PETs, ePrivacy, accountability etc.)
However, new developments at the EU and international48 level rendered it nec-
essary to incorporate new legislative provisions and to take further institutional ini-
tiatives for the implementation of an institutional framework that will include inter
alia the development of official structures and methods to respond to events that
affect the security of information systems from criminal acts. As mentioned above,
a new Cybersecurity Authority has been established in the Ministry of Digital
Policy, Telecommunications and Information, and it is expected to play a central
role as the point of contact between the different key players to achieve effective
cyber protection and coordination of the activity of the dispersed activity of the
other key players.
7 GDPR & Cybersecurity
Cybersecurity and data protection are often the two sides of the same coin.
Individuals are strongly concerned with the protection of their data online while
most e crimes involve illegal processing of personal data. Therefore, there has been
In the upcoming international developments, it is worth mentioning Russia’s proposal for a new
48
Convention on Cybercrime, considering that the Budapest Convention has been in operation for 18
years, as well as the proposal of the Norwegian Judge Stein Schjolber for a new Convention on
Cybercrime under the UN and the establishment of an International Tribunal for Cyberspace
(Court or International Tribunal for Cyberspace—ICTC) see Schjolberg (2012).
a need to strengthen the protection of individuals on the processing of personal data

in the digital environment. In this context is the adoption of Directive 2016/680/
EC,49 which had to be transposed at national level by 25 May 2018.
This directive lays down the rules of orderly, cross-border, or domestic process-
ing of personal data in the context of prevention, investigation, detection, or prose-
cution of criminal offenses or the execution of criminal sanctions and on the free
movement of such data. It includes inter alia, the right of access to the data of the
party concerned and compensation in the event of a loss incurred by failure to com-
ply with the prescribed rules. The settings in this area constitute a mound in the
ever-expanding trend of internet “all-seeing eyes” in the name of stamping out of
cybercrime so they can balance the two conflicting rights, i.e. that of security and
that of privacy.
Other legislative actions include the adoption of Regulation 2016/679/EC on the
protection of natural persons with regard to the processing of personal data and on
the free movement of such data, and repealing Directive 95/46/EC (General Data
Protection Regulation)50 and Directive 2016/681/EC on the use of passenger name
record (PNR) data for the prevention, detection, investigation, and prosecution of
terrorist offenses and serious crime.51
8 I nsurance Coverage for Cybercrime or Personal Data

Breach
Cyber threats have changed over the course of the last few years. There is a move-
ment from wide range distribution of malware to targeted infection of designated
businesses or organizations with ransomware and encryption of the targets’ data
with the intent to extort financial benefits, often in the form of cryptocurrency.
To rectify the heavy financial losses that may come because of a successful
cyber-attack or data breach, businesses are turning to insurance coverage.52 The US
is again a pioneer in this area, with a 30% penetration of cyber insurance in the local
market, with this percentage going up to 70% for the most valued companies in the
country. Financial institutions, public sector agencies, retail market, manufacturing,
49
Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the
protection of natural persons with regard to the processing of personal data by competent authori-
ties for the purposes of the prevention, investigation, detection or prosecution of criminal offences
or the execution of criminal penalties, and on the free movement of such data, and repealing
Council Framework Decision 2008/977/JHA, OJ L 119/89.
50
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the
protection of individuals with regard to the processing of personal data and on the free movement
of such data, OJ L 281/31.
51
Directive (EU) 2016/681 of the European Parliament and of the Council of 27 April 2016 on the
use of passenger name record (PNR) data for the prevention, detection, investigation and prosecu-
tion of terrorist offences and serious crime, OJ L 119/132.
52
Grzadkowska (2018).
transportation, logistics, healthcare and education institutes, and businesses are

adopting insurance coverage for financial remediation of possible cyber incidents.
The decisive factor for this move was that businesses, which although might not
hold large volumes of sensitive data, realized that their operations depend upon
technology and availability of technology and the information they handle and
store.
On the international level, the situation is different. Businesses and the public
sector are now starting to realize the benefits of cyber insurance, gradually increas-
ing the adoption of such services. The expectation is that given time, more business
sectors and companies will include cyber insurance in their efforts to protect them-
selves from the financial consequences of cybercrime.
9 Certifications
9.1 Certification: Business Opportunities
The EU Members States encourage the establishment of data protection certifica-

tion mechanisms and of data protection seals and marks for demonstrating compli-
ance with the regulatory framework on data protection and cybersecurity. These
certifications are voluntary and available via processes that are transparent to all
stakeholders, with a renewal period of 3 years. They have also started working on
the creation and adoption of a common certification at EU level, that of European
Data Protection Seal, under the European Data Protection Board. Private initiatives
have also emerged in this sector during the last few years, providing data protection
certification and seals and marks for businesses and electronic or software products,
based on criteria and recommendations included in the latest EU regulatory
framework.
9.2 Certifications for Organizations & Businesses
Some of the most widely known certifications that organizations and businesses
pursue are, indicatively, the ISO/IEC 27001: Information Technology—Security
Techniques—Information Security Management Systems—Requirements, the I SO/
IEC 27018: Information Technology—Security Techniques—Code of Practice for
protection of Personally Identifiable Information (PII) in public clouds acting as PII
processors and the PCI/DSS (Payment Card Industry Data Security Standard):
Proprietary information security standard for organizations that handle branded
credit/debit cards’ transactions from the major card schemes including Visa,
MasterCard, American Express, Discover, and JCB.
9.3 Certifications for Professionals
Several private organizations and associations, some of which are non-profit, pro-
vide training and certifications to professionals on data privacy, ethical hacking,
penetration testing, secure architecture of information systems, and other areas of
information security. Some of these: (ISC)2, ISACA (Information Systems Audit
and Control Association), IAPP (International Association of Privacy Professionals),
EC-Council, CompTIA, the SANS Institute, and others. Due to legislation differ-
ences between different regions, some of these certifications are tailored to deal
with legislation in specific regions such as the EU, US, Canada, and Asia.
10 Conclusion
Although the new institutional instruments were necessary for the prosecution of
cybercrime, those dealing with this sector agree that prevention is the most decisive
factor for reducing the perpetration of crimes of this kind. No matter how much
anyone invests to protect their infrastructure from a cyber-attack, the weakest link
always remains the human factor as it has been proven through the so-called “social
engineering”.53 Ultimate deception, ignorance, or the goodwill of someone in a key
position will open the “backdoor” for a cybercrime or/and the attack on an informa-
tion system.54
The new laws provide the legal instruments to facilitate legal sanctions but—as
always—prevention is preferable to the suppression of crime and in this context the
action of agencies promoting awareness for the consequences of electronic and/or
online crimes would be decisive. The EU has the manpower and expertise to respond
in a timely manner to the challenges of dealing with cybercrime as long as there is
relevant institutional will and a central coordination of all stakeholders, as required
by the EU laws and institutional developments.
References
2001/413/JHA: Council Framework Decision of 28 May 2001 combating fraud and counterfeiting
of non-cash means of payment, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%
3A32001F0413
Accenture & Ponemon Institute (2019) “The Cost of Cybercrime”. https://www.accenture.com/_
acnmedia/PDF-96/Accenture-2019-Cost-of-Cybercrime-Study-Final.pdf
Encyclopedia Britannica (2018) Denial of service attack. https://www.britannica.com/technology/
denial-of-service-attack
53
Proofpoint (2016).
54
ENISA (2016b).
ENISA (2013) Mission and Objectives. https://www.enisa.europa.eu/about-enisa/

mission-and-objectives
ENISA (2016a) The cost of incidents affecting CIIs. https://www.enisa.europa.eu/publications/
the-cost-of-incidents-affecting-ciis
ENISA (2016b) Annual Incident Reports 2015. https://www.enisa.europa.eu/publications/
annual-incident-reports-2015
ENISA (2019) Botnets. https://www.enisa.europa.eu/events/botnets
European Commission (2014) Migration and Home Affairs, We Protect Global Alliance to End
Child Sexual Exploitation Online. http://ec.europa.eu/dgs/home-affairs/what-we-do/policies/
organized-crime-and-human-trafficking/global-alliance-against-child-abuse/index_en.htm
European Commission (2019) Shaping the Digital Single Market. https://ec.europa.eu/
digital-single-market/en/policies/shaping-digital-single-market
European Cybercrime Centre - EC3 (2019). https://www.europol.europa.eu/about-europol/
european-cybercrime-centre-ec3
Facebook Notes (2014) Taking Down the Lecpetex Botnet. The Telegraph. https://www.telegraph.
co.uk/technology/internet-security/10959158/Arrests-as-Facebook-spam-botnet-is-shut-
down.html
Grzadkowska A (2018) How cybercrime and coverage evolved in 2018. Insurance Business
America. https://www.insurancebusinessmag.com/us/news/cyber/how-cybercrime-and-cover-
age-evolved-in-2018-118721.aspx
Joint Communication to the European Parliament, the Council, the European Economic and
Social Committee and the Committee of the Regions Cybersecurity Strategy of the European
Union: An open, safe and secure cyberspace, Join (2013). https://eur-lex.europa.eu/procedure/
EN/202369
McAfee (2016) Economic Impact of Cybercrime Report. http://www.mcafee.com/us/resources/
reports/rp-economic-impact-cybercrime2.pdf
Politis D et al (eds) (2009) Socioeconomic and Legal Implications of Electronic Intrusion,
Information Science Reference, 2009, Athens, Greece, ISBN 978160566205
Proofpoint (2016) “The Human Factor”. https://www.proofpoint.com/sites/default/files/human-
factor-report-2016.pdf
Schjolberg S (2012) A paper for the EastWest Institute (EWI) Cybercrime Legal Working Group.
http://www.cybercrimelaw.net/documents/ICTC.pdf. 19 Apr 2019
Technopedia (2019) Data Theft. https://www.techopedia.com/definition/26274/data-theft
Tikk E et al (2010) International cyber incidents: legal considerations. CCDCOE Publications.
https://ccdcoe.org/uploads/2018/10/legalconsiderations_0.pdf
Trend Micro (2019) What is Ransomware?. https://www.trendmicro.com/vinfo/us/security/
definition/Ransomware
Chapter 12
The Role of Human Dignity in Processing
(Health) Data Building on the Organ Trade
Prohibition
Anne E. de Hingh and Arno R. Lodder
Abstract The datafication, commodification, and commercialization of our exis-

tence as an inevitable part of the online infrastructure of today not only affects our
privacy but it goes deeper by touching upon even more fundamental conditions of
being human. In this chapter, bio-medical regulations prohibiting the trade of human
body parts are explored to see whether the non-commercialization principle in these
laws is helpful in assessing data processing practices. An analogy between data
processing and organ trade may help us to develop a new perspective on what con-
stitutes improper commercial use of personal data and find ways to prohibit (repre-
hensible aspects of) the trade in personal data. We propose to reorient the debate on
data processing by introducing the notion of human dignity as constraint into the
discussion. A prohibition of personal data commercialism (analogous to a prohibi-
tion of transplant commercialism) could contribute to a more future-proof regula-
tion of data processing activities.
1 Introduction
The effects of harvesting personal data by large commercial entities, such as inter-
net companies, social media, and internet service providers, are at least threefold.
First, virtually all aspects of our lives are converted into computerized data (datafi-
cation, see e.g. Newell and Marabelli 2015). Subsequently, our identities, habits,
and behavior are transformed into new forms of value or commodities (commodifi-
cation, see e.g. Schwartz 2004). Finally, as our personal data and consumer profiles
represent high values, they are purchased, processed, and sold on over and over
again (commercialization, see e.g. Smutny et al. 2017). The worldwide data broker
industry, which thrives on the fact that personal data generate economic value,
makes for great revenues.1
OECD (2013).
1
A. E. de Hingh · A. R. Lodder (*)

CLI-Center for Law and Internet, Vrije Universiteit Amsterdam, Amsterdam, The Netherlands
e-mail: a.r.lodder@vu.nl

https://doi.org/10.1007/978-3-030-25579-4_12
262 A. E. de Hingh and A. R. Lodder
The datafication, commodification, and commercialization of our existence as an

inevitable part of the online infrastructure of today not only affects our privacy but
it goes deeper by touching upon even more fundamental conditions of being human.
In this chapter, bio-medical regulations prohibiting the trade of human body parts
are explored to see whether the non-commercialization principle in these laws is
helpful in assessing data processing practices. An analogy between data processing
and organ trade may help us to develop a new perspective on what constitutes
improper commercial use of personal data and find ways to prohibit (reprehensible
aspects of) the trade in personal data.
There is another reason for our approach. Since the nineteenth century, the world
is connected via telex, telephony, fax, and most recently, computers. This latter
network, of connected computers, known as the internet, is gradually moving into a
next phase. Besides PCs and from later date smartphones and tablets, presently all
kinds of objects, such as toothbrushes, wearables, TVs and cameras, are connected
to the internet. The internet of bodies is a subspecies of this internet of things, and
represents the connected body. This internet of bodies facilitates communication
about, e.g. the performance of implants, as well as the health condition of the indi-
vidual being monitored. Moreover, pace makers can be connected, insulin levels can
be measured at a distance, eventually followed by automatic injections. All kinds of
sensitive data are communicated about a person’s health, like general condition,
heartbeat, blood pressure, etc.
Now the processing of data gets close to and even enters our bodies, Article 3(2)
of the EU Charter springs to mind: “the prohibition on making the human body and
its parts as such a source of financial gain”. This article was not drafted with data
processing in mind, but covers, e.g. slavery and human trafficking in relation to the
body and its parts. One could, however, argue that the data being transferred from
human implants and wearables is in conflict with this fundamental right. Companies
are making money with parts of the human body, viz. data (in)directly related to our
body. More generally, one could question to what extent human dignity asks for
protection against the processing of (health) data. Hence, Article 1 of the EU Charter
of Fundamental Rights does state “Human dignity is inviolable. It must be respected
and protected.”
In relation to trade in body parts, governments set limits to the free choice of its
citizens, even in criminal law. In May 2015, Marc H. put an advertisement on
Marktplaats.nl, the Dutch eBay, to sell his kidney for the sum of 50,000 euros. He
was arrested by the police soon afterwards but acquitted because of insufficient
evidence for financial gain. As the suspect had not yet received any offer, the pur-
pose of financial gain could not be sufficiently demonstrated—advertising body
parts alone was considered insufficient evidence for the purpose of financial gain. In
this chapter, we do not focus on eventual sanctions, be it criminal, administrative, or
civil, but explore the underlying principles for regulating the processing of (health)
data.
The chapter is structured as follows. In the light of the focus of our chapter (an
analogy between data processing and the organ trade prohibition), we discuss some
relevant assumptions of data protection law. Subsequently, the analogy between
12 The Role of Human Dignity in Processing (Health) Data Building on the Organ… 263
data processing and trade in body parts is explored. We aim to strengthen our obser-
vations related to the analogy between trade in body parts and data processing in
general with a discussion of the processing of health data, and briefly touch upon
paternalism (Husak 2009).
2 Need for a Change in Application of Data Protection Law
The topic of this paper is part of a broader argument in the context of data protection
law (Bygrave 2018). Our concern with data protection law, not only relates to the
fact that gradually more intimate data is being processed. This is actually one side
of the spectrum, the processing of (very) sensitive data. This is what the GDPR
does, to some extent, regulate, because in principle it is not allowed to process spe-
cial categories of data such as health data (Article 9(1) GDPR). However, there are
exceptions to this rule, e.g. in case the data were manifestly made public by the data
subject (Article 9(2)(e) GDPR). The other end of the spectrum is personal data to
which data processing rules apply, but where one can question whether data protec-
tion law for these data is necessary in the first place. We start this chapter by briefly
discussing what we would like to call different flavors of data processing.
Many observe the discrepancy between the scope of GDPR norms and the effect
these norms have in practice. We believe that data protection law, as it exists today,
is too straightforwardly simple. The GDPR distinguishes special categories of data,
but besides that the same norms apply to a controller/processor not interested at all
in the personal data that are being processed (e.g. ERP cloud providers), controllers
who have a small business and only use personal data to deliver goods, controllers
whose business model is based on data analytics, etc. A possible reason might be
that the drafters of the norms do not provide the data protection law framework with
empirical backing, cf. Bamberger and Mulligan (2015):
This absence of empirical assessment of regulatory impact on the practice of privacy leaves
legal reformers shooting in the dark, without a real understanding of the ways in which
previous regulatory attempts have either promoted or thwarted privacy’s protection.
What is happening right now is that big data processors like Facebook and
Google largely can continue with their business as usual, whereas all kind of small
players like sport clubs, schools, stores, are outright panicking about the conse-
quences of the GDPR, in this context commonly referred to as “The new privacy
law”. Also in academia, there is a tendency to ask for permission of processing of
totally innocent use, e.g. asking permission to a group of 15 people in the same
room, for the same reasons, to share the e-mail addresses—funny enough they
already did when sending the invitation…
Thus, the data protection norms that apply to Google, Facebook, and the likes are
the same as those that apply to the next corner butcher and flower shop or the cloud
provider only providing the tech to process data cannot be left unnoticed. A physical
analogy for the latter situation is that the company that stores boxes with personal
data is controller/processor. We want to start a discussion on differentiation of data

processing regimes. What we propose is tentative, and is meant as a starting position
rather than a well worked out division. We suggest to distinguish the following four
categories, ranging from most infringing (1) to hardly infringing if at all:
1. Processing is in principle forbidden, but the DPA can license the processing
activity. One category might be the processing of health data for commercial
purposes. Article 9(2)(a) GDPR provides this option to Member States, to allow
data subject to lift the prohibition of processing as defined in Article 9(1)
GDPR. Markou (2011) did propose a ban for the processing of sensitive data in
the context of commercial profiling and personalized advertising. Sometimes
processing of health data is inevitable, e.g., for insurance companies. They will
thus get a license. A more controversial category is to prohibit the business
model that is solely based on the processing of personal data.
2. The current framework. The GDPR as it is right now should apply to all data
processing activities that do not fall under one of the other categories.
3. GDPR light. A basic set of rules, based on Article 5 GDPR. An organization
needs to demonstrate that they act in accordance with the data protection prin-
ciples listed in Article 5. This category applies based on for what purpose the
data is being processed, and the nature and number of data being processed.
4. Processing is allowed, but security measures must be taken. This category applies
to parties processing data as a service (e.g. cloud providers), and do nothing with
the data other than storing the data or providing the services necessary to process
the data.
We suggest the data protection framework, or at least its application, should bet-
ter consider the nature of the data and the purpose for which the data is being pro-
cessed along the lines just sketched. We do not further elaborate on this topic in this
paper in general, but as a first step concentrate on how the data protection norms
related to health data could be reconsidered.
3 Data Protection in General: Data Subject Responsible
Current laws and regulations on privacy and data protection heavily rely on the
concept of informational self-determination (Cavoukian 2015)—the ability of indi-
viduals to have control over the collection, use, and disclosure of their personal
information—on autonomous choice and consent (Austin 2014). This is what
Solove (2013) refers to as “privacy self-management”: rights that provide people
with control over their own personal data. According to Solove, this control helps
people to “decide for themselves how to weigh the costs and benefits of the collec-
tion, use and disclosure of their information”. He argues that it would be paternalis-
tic to protect people against their own bad decisions: “people make decisions all the
time that are not in their best interest. People relinquish rights and take bad risks,
and the law often does not stop them.”
In this interpretation, the regulatory framework presumes a high degree of con-

sumer knowledge, a freedom of choice and autonomous, “empowered” consumers.
In practice, however, in particular online consumers are all but empowered indi-
viduals. Due to a lack of transparency in the market, and the absence of a true
choice, consumers cannot take up responsibility for the protection of their own per-
sonal data (Zwitter 2014).
Consumers who want to make use of free online services and social media, like
Google, Facebook, or the apps on their phones do not have real choice but to agree
to the terms and conditions. This is not a matter of free choice, but of enforced
choice (Carolan 2016). The current system is based on coercion, forcing consumers
to accept all terms and conditions of search engines, websites, and social media just
by clicking “OK” and to agree to the commercial use of their personal data. As the
Minister of Economic Affairs of Cyprus phrased it at the conference in Nicosia
November 2017: “The statement that someone has read terms and conditions is the
biggest lie of the century.”
Consumers, most of the time, are not really aware what personal data is being
collected by companies, and are therefore not familiar with the data protection risks
they run. Online reality outpaces “the idea that it is possible or desirable for every
individual to monitor and manage a shifting collection of privacy settings of which
they may only be dimly aware” (Richards and King 2014). Even if consumers read
a privacy policy, it is almost never sufficiently clear for the person concerned that
his personal data are used and for what purpose (Zuiderveen Borgesius 2014). How
many LinkedIn users were aware of the possibility that their personal profiles were
sold to third parties, and eventually to Microsoft? As Whittington and Hoofnagle
(2012) remark: “Having spent time reading a privacy policy, the consumer may still
not discover critical terms, such as whether the company sells personal information
to third parties. Many privacy policies use vague, innocuous-sounding terms to
mask third-party information sharing”.
Consequently, consent in current data protection law has become “tainted” by
unfair bargaining conditions and has lost its effectiveness altogether (Schermer
et al. 2014). A lack of knowledge and information renders the classical privacy/
consent based framework inadequate. Any form of self-determination on the deci-
sion whether one should share or sell his or her personal data has become illusory.
The objections with regard to the underlying principles of privacy law and data
regulation are acknowledged by many, but satisfactory solutions are difficult to
come up with. For example, Opinion 4/2015 of the EDPS,2 does suggest a radically
new approach towards the question of “the ever-increasing amounts of personal
information being collected and processed in increasingly opaque and complex
ways”. However, it does not offer new solutions to get out of the deadlock. On the
contrary, it presents the same, well-known framework that leans heavily on empow-
ered individuals, accountable controllers, and innovative privacy engineering.
Neither does the General Data Protection Regulation seem to address the
2
Opinion EDPS, September 11th 2015, “Towards a new digital ethics. Data, dignity and
technology”.
i nadequacies of the regulatory system nor bring any substantive changes in this situ-
ation, although consumers are granted the right to object to (profiling related to)
direct marketing.3 Law is still based predominantly on the misconception that con-
sumers understand the rules of data collection, are well informed, and are digitally
savvy enough to be able to realize an adequate level of data protection themselves.
Giving up personal data to get some product or online service “for free” is consid-
ered as an inevitable consequence of taking part in the digital world of today.
Legal authors have struggled with the above-mentioned problems on current pri-
vacy and data protection laws. Some of them propose, for example, a more flexible
regulation of data protection by introducing a less strict form of consent (Schermer
et al. 2014). Others discuss a proprietary approach vesting a property right on per-
sonal data (Prins 2006; Purtova 2011), or a “privacy 2.0 approach”, which leaves
less room for the principle of purpose limitation;4 or, rules of unfair trading prac-
tices could be an alternative for privacy regulation (Hartzog and Solove 2015).
However, the proposed solutions do not offer a truly satisfactory solution to the
concerns the majority of consumers experience. We do not believe that these prob-
lems can be addressed simply by adjusting the conditions within which the data
market operates. Even if the solutions proposed resulted in fair background condi-
tions, well-informed consumers, a transparent market, explicit consent, even the
possibility for consumers to vest property rights to their own data, the aversion, and
moral concerns on the commodification and commercialization of personal data
will not disappear. We encounter what lies beyond simple market-driven practices.
This leads to the question whether there may be “some things that money should not
buy?” (Sandel 2013).
Our conclusion is that privacy law and data protection rules alone do not offer
enough protection to consumers who are concerned that their identities are frag-
mented into marketable parts and feel uneasy having to sell those parts whenever
they are online. This unease can neither be explained by the single fact that people
feel coerced to sell their data in exchange for (free) online services and conse-
quently lose control over the process, nor can this be addressed by simply adjusting
the market conditions, as liberal consent theorists believe. Other dimensions of life
than privacy are at stake here, selling data per se can be more fundamentally, intrin-
sically degrading.
3
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 27 April 2016 on the protection of natural persons with regard to the processing of personal data
and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection
Regulation). Art 21 (2): Where personal data are processed for direct marketing purposes, the data
subject shall have the right to object at any time to processing of personal data concerning him or
her for such marketing, which includes profiling to the extent that it is related to such direct
marketing.
4
Moerel and Prins (2015).
4 Body Parts and Data
We believe that looking into a different field of law, namely biotechnology law, and
the role human dignity plays in this field may help us articulate new approaches to
data protection. Human dignity is commonly approached from two perspectives.
One is dignity as empowerment, as respect for autonomy. We use dignity here in
another sense, viz. dignity as a constraint, as protection against
instrumentalization.
It may seem infeasible to bridge the conceptual gap between the human body and
personal information, but as already touched upon in the introduction this might be
less far-fetched than it seems. Obviously, the legal status of human body parts does
not correspond with the status of personal data entirely, but there are good grounds
to make the comparison.
Current technologies have enabled medical science to isolate, process, change,
and exploit parts of the body (like organs, blood, embryos, stem cells, and tissues)
to be used for medical, scientific, and commercial purposes. Parts that previously
were inextricably linked to the human body are now considered as a useful resource.
This process of objectifying the individual has enabled the industry to extract, use,
and market body parts without reference to the person involved. It is often observed
that here practices are permeated by commercial metaphors. These metaphors in
biotechnology reflect the reduction of the person into marketable body parts: “bod-
ies are mined like a resource and organs are harvested like a crop” (Andrews and
Nelkin 1998). This process shows resemblance with the harvesting of personal data
in the context of big data applications, and considered by the companies as the “oil
of the internet”.
The developments in the domain of medical biotechnology have put pressure on
the idea of the unity of the person and the body. Just like the development of Big
Data practices and datafication have turned persons into (data-)objects, packages of
data that are subsequently stripped and fragmented, analyzed and sold, bio tech-
nologies have deprived the human body of its organic unity and have transformed
the human body into a kit of useful (exploitable) “bio-materials” (Van Beers 2017).
Both biotechnology and in data processing and data analytic practices, parts of the
person or identity of individuals are separated from the individuals themselves.
Both practices render persons into an endless source of use values: bio products and
personal data. In this sense, the legal status of personal data and human body parts
can be compared; or, as Mittelstadt and Floridi (2016) noted, “it is likely more ethi-
cally problematic to strip context from data used to track the behaviors of individu-
als than it is to remove identifying information from tissue samples for medical
research”.
The ethical issues surrounding the human body have resulted in an extensive
regulation of medical biotechnology provided with many legal prohibitions and
restrictions. In (international) bio-regulatory instruments, the conception of human
dignity plays a dominant (constraining) role where it prescribes the limits of modern
technologies (Beyleveld and Brownsword 2002). For instance, Article 1 of the

Convention on Human Rights and Biomedicine of the Council of Europe:
Parties to this Convention shall protect the dignity and identity of all human beings and
guarantee everyone, without discrimination, respect for their integrity and other rights and
fundamental freedoms with regard to the application of biology and medicine
Article 1 and 2(a) of the Universal Declaration on the Human Genome and
Human Rights:
The human genome underlies the fundamental unity of all members of the human family,
as well as the recognition of their inherent dignity and diversity. In a symbolic sense, it is
the heritage of humanity
Everyone has a right to respect for their dignity and for their rights regardless of their
genetic characteristics
Article 1 of the International Declaration on Human Genetic Data:

The aims of this Declaration are: to ensure the respect of human dignity and protection of
human rights and fundamental freedoms in the collection, processing, use and storage of
human genetic data, human proteomic data and of the biological samples from which they
are derived […]
Article 2(c) and 3(1) Universal Declaration on Bioethics and Human Rights:
The aims of this Declaration are: to promote respect for human dignity and protect human
rights, by ensuring respect for the life of human beings, and fundamental freedoms
Human dignity, human rights and fundamental freedoms are to be fully respected.
One specific way in which the concept finds its expression in the regulation of
biomedical technology is that human dignity in itself is contradictory with the com-
modification and the trade of human body parts: the principle of non-
commercialization. The principle that the human body is extra commercium applies
to all parts of the human body: i.e. tissue, blood, organs, eggs, sperm, and embryos.
The prohibition of so-called transplant commercialism is found in numerous decla-
rations and treaties,5 where transplant commercialism is defined as “…a policy or
practice in which an organ is treated as a commodity, including by being bought or
sold or used for material gain”.6 The trade of human cells, tissues, and organs is
prohibited as it is inconsistent with the most basic human values and would imply
the instrumentalization of the personhood that contravenes the Universal Declaration
of Human Rights.
Moreover, payment for human body parts is likely to take unfair advantage of
vulnerable groups of people and leads to profiteering and human trafficking. The
principle of non-commercialization conveys the idea that people lack dignity once
5
See Convention on Human Rights and Biomedicine Article 21 – Prohibition of financial gain:
The human body and its parts shall not, as such, give rise to financial gain. See Istanbul Declaration
on Organ Trafficking and Transplant Tourism 2008.
6
http://hottproject.com/about-the-crime/other-crimes/transplant-commercialism.html.
they are used by others as mere objects. This draws upon the writings of Kant
(1797):
A human being cannot be used merely as a means by any human being (…) but must always
be used at the same time as an end. It is just in this that his dignity (personality) consists
(…). [H]e cannot give himself away for any price (this would conflict with his duty of self-
esteem) …
The principle of non-commercialization is reflected, for example, in the practice

in the Netherlands (and in the United Kingdom) that blood donors are not paid, but
only modestly reimbursed for their donation of blood (Petrini 2012). The principle
that the human body should be neither commercialized nor a source of gain seems
no subject of discussion: many countries at least in Europe have laws that embrace
human dignity as constraint and prohibit the purchase or sale of body parts.
Dignity as constraint and the principle of non-commercialization have up until
now been left out of the debate on data protection law. Instead, in privacy and data
protection law, dignity as empowerment and the principles of individual autonomy
and consent, as instruments of self-determination, prevail. It is however precisely
the former, constraining dimension that could be of help in trying to find ways to
offer better legal protection for digital consumers. Introducing the dimension of
human dignity as a constraint enables us to reconsider the legal issues in the discus-
sion on commercial use of personal data on the internet from a different angle
(Brownsword 2007).
For the sake of this argument, an analogy must be drawn between parts of the
human body on the one hand and personal data as parts of the personal identity of a
human being on the other. The financial gain of the trade of body parts, whether for
the person from whom these parts have been removed or for a third party, must be
compared to the financial gain of data trade. Like in the bio-market, the prohibition
of commercialization of data would apply to the individual whose personal data are
purchased in exchange for free access to internet services and to the third parties:
corporate entities of which the business models depend on the trade of human iden-
tities. The absence of any regulation where the parallel between body parts and data
processing is drawn could be considered as a legal inconsistency.
5 Towards an Alternative Data Protection Approach
In this section, we elaborate on three alternative ways to approach data protection

law, inspired by the law on biotechnology just discussed. Subsequently, we address
health data and the concepts of paternalism and dignity.
5.1 Explicit Consent for Processing of Health Data
It is considered a crime to sell your organs, but what if health data are sold, and
people agree to this transaction? Article 4(11) GDPR has a very strict definition of
consent:
‘consent’ of the data subject means any freely given, specific, informed and unambiguous
indication of the data subject’s wishes by which he or she, by a statement or by a clear
affirmative action, signifies agreement to the processing of personal data relating to him or
her;
As already referred to above, Article 9(1) GDPR prohibits the processing of spe-
cial categories of data such as:
(…) the processing of genetic data, biometric data for the purpose of uniquely identifying a
natural person, data concerning health (…)
There are several exceptions to this ban on processing of special categories of

data, relevant for now is the following one:
2. Paragraph 1 shall not apply if one of the following applies:
(a) the data subject has given explicit consent to the processing of those personal data for
one or more specified purposes, except where Union or Member State law provide that the
prohibition referred to in paragraph 1 may not be lifted by the data subject (…)
Whereas Article 4(11) presents a type of consent that seems the most rigid pos-
sible, here the GDPR uses the concept explicit consent. This is not the place to dis-
cuss what this addition “explicit” entails, but we have not encountered yet someone,
who could come up with a meaningful distinction between consent in the sense of
Article 4(11) and explicit consent. This was also the outcome of a discussion during
the November 2017 REDA conference in Nicosia, Cyprus.
Health data may be provided by the data subject for free, but normally there is a
reward, e.g. a service is provided in return. In case of organ trade, if someone pro-
vides his organs without monetary reward this is allowed, but if money is received
in return this is considered a crime. The rationale is that trade is only possible when
there are at least two parties (and often third parties, intermediaries), so also the one
who provides the body parts falls under the scope of the regulation. Also, and in
particular, intermediaries and the one who receives the organ are condemned.
However, to stop transactions, criminalizing the donor is considered necessary. In
the context of data protection the donor, viz. data subject, is not the one on which
the normative framework should concentrate from an enforcement perspective.
Rather, the parties collecting and processing the data are the ones relevant here.
5.2 Paternalism and Health Data
Paternalism is a recurring issue when regulation is aimed at protecting peo-

ple (Moore 2013). In the context of organ trade, Conly (2012, p. 3) writes “We
should save people from doing things that are gravely bad for them when they do
that only as a result of an error in thinking (…) government should intervene in
cases of obvious harm (…) I argue for paternalistic laws, and more specifically,
paternalism of the sort that forces people to act, or refrain from acting, according to
their best interests.”
One reason for a paternalistic approach is that in case of the sale of organs,
debate is that genuine and free consent is impossible. To what extent is free consent,
in particular in the (explicit) GDPR sense, possible in case of data processing? The
answer is that often it is not. In some of these cases, a paternalistic government
approach should be considered (Allen 2015). One is the right to data portability in
the context of health data. If citizens get control over health data, they can also pro-
vide these data to interested commercial parties. We doubt whether citizens realize
the possible impact of having their health data analyzed by commercial parties. On
consent and health data, there is also a flip side to this issue. Since consent should
be freely given, and in case of health data explicitly, data protection law can also
prevent rather innocent processing activities. One example is an outing with the
company you are working with. Assume they want to climb walls, and some health
data need to be provided to the company of the climbing wall. The employer cannot
get consent for obtaining these data, since due to the power relation freely given
consent is not possible. As we briefly sketched above, we should strive for data
processing that covers all sides of the spectrum: no or fewer constraints in case of
rather innocent data processing, and firmer constraints and maybe even a ban for
intrusive data processing activities.
Is it a task for governments to protect, more than under the GDPR is the case,
citizens against the processing of (health) data? There is a thin line between justified
government interference and unduly paternalism. Privacy advocates are easy targets
for accusations of paternalism: “If you really considered it, you would not give
permission!”, “Don’t click okay blindly.” Still privacy, and in the European Union
even data protection, are fundamental rights (Van der Sloot 2017). Therefore, it
could be considered the duty of government to protect its citizens in this respect and
create further safeguards (Wisman 2019). But how, and to what extent?
A relevant angle for a refined approach to data processing is including ethical
considerations. Roughly put, for legal and tech phenomena in general and data pro-
cessing in particular, at least three questions are relevant. The first is about the tech-
nology, what is possible? The second is about the law, what is permissible? But even
within the limits of the law, ethics should play a role, viz. what is desirable? To some
extent this is covered by the Article 5(1) GDPR principle “fair processing”.
Processing should be fair, in relation to both a particular data subject and society at
large. In relation to body parts, Kishore (2005) states “Arguments against organ sale
are grounded in two broad considerations: (1) sale is contrary to human dignity, and
(2) sale violates equity (…) they reflect a state of moral paternalism rather than
pragmatism.” We claim that sometimes data processing can be non-ethical, against
human dignity. An example is the commercial exploitation of health data of vulner-
able people.
5.3 Dignity
In the GDPR, not much reference to dignity can be found, actually, only once, in the
case of processing in the context of employment. Article 88(2) GDPR states “Those
rules shall include suitable and specific measures to safeguard the data subject’s
human dignity, legitimate interests and fundamental rights…”.
Post (2018) correctly observes that the GDPR is based on Article 8 EU Charter
of fundamental rights, in which data protection is presented as a fundamental right.
It is somewhat strange, amongst all those other fundamental rights, because the
description is instrumental, even explicitly referring to fair information processing
principles such as purpose specification, consent, and correction rights. This is dif-
ferent from the right to privacy in Article 7 of the EU Charter of fundamental rights:
In contrast to data privacy, Article 7 of the Charter of Fundamental Rights of the European
Union is entitled “Respect for Family and Private Life.” (…) protects the dignity of persons
by controlling inappropriate communications that threaten to degrade, humiliate or mortify
them. (…) Article 7 enshrines the same privacy values as those safeguarded by the American
tort of public disclosure of private facts. It protects what we may call “dignitary privacy.”
These different approaches to data protection and privacy might explain why
there is not room for dignity in the GDPR. It might be also the reason there is not a
single reference to privacy in the GDPR (except twice in a footnote when reference
is made to the ePrivacy directive). In earlier versions, privacy was mentioned. The
rigorous “privacy cleaning” of the GPDR has also led to the renaming of the well-
known concepts Privacy by Design, Privacy by Default, and Privacy Impact
Assessment to Data protection by design, Data protection by default, and Data pro-
tection impact assessment. However, even from the perspective of data protection,
as described in Article 8 of the Charter, the concept of dignity should not be left out
of the picture totally. Article 1 of the Charter, after all, is about dignity, and as the
Fundamental Rights Agency explains7: “It results that none of the rights laid down
in this Charter may be used to harm the dignity of another person”. Thus, there is
even fundamental backing for looking at dignity in the context of data protection.
Hence, based on dignity, there are situations where individuals should be allowed
to permit the collecting, gathering, and deriving of their personal data. We discussed
Article 9(2)(a) and that the processing of health data could in some situations even
be prohibited if the data subject gives explicit consent. The responsibility for
respecting a prohibition based on dignity should not be placed at the realms of the
http://fra.europa.eu/en/charterpedia/article/1-human-dignity.
7
individual or data subject, rather the focus has to be directed to the controllers and
processors of personal data (De Hingh 2018).
6 Conclusion
Were it not for the law, parts of the human body like blood and skin could be an
inexhaustible source of income—just like personal data are today. On a massive
scale, large parts of our identity and our personality are commodified and becoming
the object of trade. The fundamental right to privacy and data protection do not suf-
fice to explain this discomfort or to tackle the legal issues arising from it. The com-
modification of our personal data as part of the online infrastructure of today does
not affect the right to privacy alone but goes further by touching upon more funda-
mental conditions of being human, the deformation of which interferes deeply with
the core of our human dignity.
Therefore, we propose to reorient the debate on data processing by introducing
the notion of human dignity as constraint into the discussion. A prohibition of per-
sonal data commercialism (analogous to a prohibition of transplant commercialism)
could contribute to a more future-proof regulation of data processing activities.
Legal instruments similar to the ones concerning the human body could be applied
to the trade of personal data as well.
Today, numerous (online) companies have developed business models based on
the trade of personal data. However, none of the “potential benefits of the new tech-
nologies really depend on the collection and analysis of the personally identifiable
information of billions of individuals”.8 The collection and processing of personal
data is by definition neither indispensable when doing business on the internet, nor
is data processing an absolute prerequisite for the functioning of online services.
Against this background, there are no obstacles to limit or prohibit the use of this
technology at least in areas where human dignity is evidently at stake, such as many
situations where health data are being processed for commercial purposes.
References
Allen AL (2015) Unpopular privacy. What must we hide? Oxford University Press
Andrews L, Nelkin D (1998) Whose body is it anyway? Disputes over body tissue in a biotechnol-
ogy age. The Lancet 351(9095):53–57
Austin LM (2014) Enough about me: why privacy is about power, not consent (or harm). In: Sarat
A (ed) A world without privacy: what law can and should do? Cambridge University Press
Bamberger KA, Mulligan DK (2015) Privacy on the ground. Driving corporate behavior in the
United States and Europe. The MIT Press
Opinion EDPS, see note 2.

8
Beyleveld D, Brownsword R (2002) Human dignity in bioethics and biolaw. Oxford University
Press
Brownsword R (2007) Rights, regulation, and the technological revolution. Oxford University
Press
Bygrave LA (2018) Legal scholarship on data protection: future challenges and directions. In:
Degrave E, de Terwangne C, Dusollier S, Queck R (eds) Law, norms and freedoms in cyber-
space: Liber Amicorum Yves Poullet. Larcier, pp 493–504
Carolan E (2016) The continuing problems with online consent under the EU’s emerging data
protection principles. Comput Law Secur Rev 32(3):462–473
Cavoukian A (2015) Evolving FIPPs: proactive approaches to privacy, not privacy paternalism.
In: Gutwirth S, Leenes R, de Hert P (eds) Reforming European Data Protection Law. Law,
Governance and Technology Series, vol 20. Springer, Dordrecht
Conly S (2012) Against autonomy. Justifying coercive paternalism. Cambridge University Press
De Hingh A (2018) Some reflections on dignity as an alternative legal concept in data protection
regulation. German Law J 19(05):1269–1290
Hartzog W, Solove DJ (2015) The scope and potential of FTC Data Protection. George Wash Law
Rev 83:2230; GWU Law School Public Law Research Paper No. 2014-40; GWU Legal Studies
Research Paper No. 2014-40. https://ssrn.com/abstract=2461096
Husak DN (2009) Legal paternalism. In: LaFollette H (ed) The Oxford handbook of practical
ethics
Kant I (1797) The metaphysics of morals (trans: Gregor MJ). Cambridge University Press, 1991
Kishore HH (2005) Human organs, scarcities, and sale: morality revisited. J Med Ethics 31:362–365
Markou C (2011) Consumer-oriented software agents in the buying process: risks, issues and the
EU legal response. Ph.D. thesis, University of Lancaster, Lancaster
Mittelstadt D, Floridi L (2016) The ethics of biomedical big data. Springer
Moerel L, Prins C (2015) On the death of purpose limitation. Privacy perspectives, 2 June 2015.
http://Iiap.org/news/a/on-the-death-of-purpose-limitation
Moore AD (2013) Coercing privacy and moderate paternalism: Allen on unpopular privacy
(February 26, 2013). https://ssrn.com/abstract=2225376
Newell S, Marabelli M (2015) Strategic opportunities (and challenges) of algorithmic decision-
making: a call for action on the long-term societal effects of ‘datification’. J Strateg Info Syst
24(1):3–14
OECD (2013) Exploring the economics of data: a survey of methodologies for measuring mon-
etary value. OECD digital economy papers, no 220. OECD Publishing
Petrini C (2012) Ethical and legal considerations regarding the ownership and commercial use of
human biological materials and their derivatives. J Blood Med 3:87–96
Post R (2018) Data privacy and dignitary privacy: Google Spain, the right to be forgotten, and the
construction of the public sphere. Duke Law J 67(5)
Prins C (2006) Property and privacy: European perspectives and the commodification of our
identity. In: Guibault L, Hugenholtz PB (eds) The future of the public domain. Kluwer Law
International, Deventer, pp 223–257
Purtova NN (2011) Property rights in personal data: a European perspective. BOXPress BV,
Oisterwijk
Richards NM, King J (2014) Big data ethics. Wake Forest Law Rev 49:393–432
Sandel MJ (2013) What money can’t buy: the moral limits of markets. Farrar, Straus and Giroux;
Reprint edition (April 2, 2013)
Schermer BW, Custers B, van der Hof S (2014) The crisis of consent: how stronger legal protection
may lead to weaker consent in data protection. Ethics Info Technol 16(2):171–182
Schwartz PM (2004) Property, privacy, and personal data. Harv Law Rev 117(7):2056–2128
Smutny Z, Janoscik V, Cermak R (2017) Generation Y and internet privacy: implication for com-
mercialization of social networking services. In: Benson V, Saridakis G, Tuninga R (eds)
Analyzing the strategic role of social networking in firm growth and productivity. IGI Global,
Hershey, pp 95–119
Solove DJ (2013) Privacy self-management and the consent dilemma. Harv Law Rev 126:1880
Van Beers BC (2017) Imagining future people in biomedical law: from technological utopias to
legal dystopias within the regulation of human genetic modification technologies. In: Ambrus
M, Rayfuse R, Werner W (eds) Risk and the regulation of uncertainty in international law.
Oxford University Press, Oxford, pp 117–140
Van der Sloot B (2017) Legal fundamentalism: is data protection really a fundamental right? In:
Leenes R, van Brakel R, Gutwirth S, De Hert P (eds) Data protection and privacy: (in)visibili-
ties and infrastructures. Springer, pp 3–30
Whittington J, Hoofnagle CJ (2012) Unpacking privacy’s price. N C Law Rev 90:1327
Wisman THA (2019) The quest for the effective protection of the right to privacy: on the policy and
rulemaking concerning mandatory Internet of Things systems in the European Union. Ph.D.
thesis, Vrije Universiteit Amsterdam
Zuiderveen Borgesius FJ (2014) Improving privacy protection in the area of behavioural targeting.
Ph.D. thesis, UvA Amsterdam
Zwitter A (2014) Big data ethics. Big Data Soc: 1–6
Chapter 13
Trusted Computing Initiative
on the Spectrum of EU Cyber-Security
Legal Framework
Yianna Danidou
Abstract EU is admittedly investing into technological advancements that would

protect the users’ security, trust, and privacy, by funding privacy by design and pri-
vacy by default research and technologies. The legal framework seems unprepared
in dealing effectively with the rising sophisticated cyberattacks, therefore EU is
coping to improve the overall network and information security, along with data
protection, through the newly introduced and long anticipated General Data
Protection Regulation (GDPR) and the Network and Information Security Directive
(NIS). Trusted Computing (TC) is a technology that aims to protect the user, and the
integrity of her machine and her privacy against third-party users. To defeat security
threats, what is needed are “networks of security” rather than isolated security solu-
tions and “gated communities”. It was argued that technologies like TC can be used
to build secure networks and if adopted by Critical Infrastructures (CIs), to avoid
cascade effects in interdependent CIs, as well as to standardize components, to com-
ply with EU’s cybersecurity framework.
1 Introduction
As the Internet became a common place for online users globally and since the
Internet was not originally designed for this type of commercial activity, huge prob-
lems have been caused both regarding economy, but mainly concerning online
safety and the evolution of cybercrime (Gordon and Loeb 2002, 2006). Zittrain, in
his book with title “The future of the Internet and how to stop it” states that:
If the Internet had been designed with security as its centerpiece, it would never have
achieved the kind of success it was enjoying, even as early as 1988.
The basic assumption of Internet protocol design and implementation was that people
would be reasonable; to assume otherwise runs the risk of hobbling it in just the way the
Y. Danidou (*)
European University Cyprus, Nicosia, Cyprus
e-mail: y.danidou@euc.ac.cy

https://doi.org/10.1007/978-3-030-25579-4_13
278 Y. Danidou
proprietary networks were hobbled. The cybersecurity problem defies easy solution,
because any of the most obvious solutions to it will cauterize the essence of the Internet and
the generative PC (Zittrain 2008).
The Internet was not originally intended as a platform where people spend a
substantive percentage of their lives, engage in commercial activity on a large scale,
work, play and socialize, and interact in various forms with their governments. As
the Internet becomes more central to the lives of most people, it was inevitable that
criminals began to exploit its weaknesses to a much greater extent than before. At
one brief time, the main threat seemed to come from overenthusiastic teenagers
designing viruses, but the risks are now from highly organized criminal groups with
significant resources, both in terms of expertise and computing power (Hunton
2009). In addition, entire nation states can be subject to successful cyber-attacks
even on their Essential Infrastructures, possibly with the tacit approval or open par-
ticipation of foreign states, or at the very least “rough agencies” close to state secu-
rity agencies or the military. For example, the attack on the cyber infrastructure in
Georgia in August 2008 (Russia US-CCU Special Report 2009) or the attack on the
Iranian nuclear powerplant facilities through Stuxnet (Langner 2011; Andress
2014). Cyberthreats can originate from both state and non-state actors; motivations
can be profit, political and strategic, and the impact can be extensive, affecting gov-
ernments by interfering discreetly with internal democratic processes. WannaCry
ransomware attack in 2017 on the National Health Service of England pinpointed
the enormous scale a cyberattack can have, the severity of the impact, the interde-
pendencies between Critical Infrastructures (CIs)1 and countries, but most signifi-
cantly it showed the weaknesses and the reinforcement that is needed on the three
main pillars of resilience, deterrence, and defense (King 2017).
Major transformative developments, like Cloud Computing2 and the Internet of
Things (IoT), reshuffle the landscape of security (Vermesan and Friess 2015; Simon
2017; Maglaras et al. 2018). The human loses even more control (depersonaliza-
tion) (Schneier 2010), is even more taken out of the equation, and the power shift to
the software developers becomes even more complete. Networks that combine, in
addition to hundreds of millions of connections between desktops or similar devices,
will become networks of hundreds of billions of entities, increasing exponentially
in complexity. Security becomes, consequently, an even more interdependent net-
work of strong and weak links—an attack on a badly protected thermostat could
follow down communication lines to entirely different computer systems. At the
same time, vulnerabilities become even more threatening—hacking into my com-
puter to steal credit card details or spam people in my address book is one thing,
hacking into my car while I am driving and disabling the brake system is a very
different threat scenario. In other words, it is even more alarming if the attack is on
devices or infrastructures that are involved in life-saving functions.
1
For the different types of interdependencies between CIs, see Eusgeld et al. (2011).
2
See discussions on the appropriateness of using Cloud computing services in Critical
Infrastructures in Corn (2017) and Homeland Security (2017) and a discussion on the technical
barriers of using Cloud computing in CIs in Mackay et al. (2012).
13 Trusted Computing Initiative on the Spectrum of EU Cyber-Security Legal… 279
While private and public sector organizations are switching to new technologies
like Cloud Computing, things are riskier when referring to Cloud computing for CIs
and when viewed from a Critical Information Infrastructure Protection (CIIP) per-
spective (Dekker 2013). It has been characterized as a ‘double-edged sword’ since
cloud computing can deploy remarkable security and resilience measures, but at the
same time, if a security breach occurs, then millions of data will be exposed along
with their owners, and in the case of CIs, there will be widespread disastrous impact
on the activities of all interdependent infrastructures ranging possibly to other related
countries and their citizens as well. Interdependencies will be magnified under IoT
and cloud computing technologies, and should not be neglected because they also
cause mutual influences in failures and affect the calculated probability of occur-
rence of cascading failures (Eusgeld et al. 2011). Moreover, it has been claimed that
digital forensics on the cloud is a perplex issue that while it is a necessity in an era of
cyberattacks, it raises technical, legislative, and organizational challenges (Liveri and
Skouloudi 2016). The EU Member States have committed to protecting critical ICT
systems via the European Commission’s CIIP action plan by preventing large cyber-
attacks and cyber disruptions of critical ICT systems (European Commission 2009a).
EU has accelerated the development of its CyberSecurity and has implemented a
Strategy (EUCSS) showing the policy that the Union will follow to tackle with cru-
cial challenges and cybersecurity issues (European Commission 2013a), elaborat-
ing more in its recent digital agenda (European Commission 2015), yet being aware
that given the global and open nature of the Internet, the challenges cannot be
addressed fully. Cyberattacks are taking a new form—the one of advanced persis-
tent threats3 (Farwell and Rohozinski 2011; Tankard 2011), therefore the need for
detection, as well as mitigation of these attacks, is more imperative than ever. The
UK government recognizes the detrimental impact that a cyberattack can have on
the economy and the social well-being of the country (Cm7234 2007; Cm7948
2010; Office of Cyber Security and Information Assurance (OCSIA) and Detica
2011),4 and the effect of how nations deal with internet freedom and security. While
the legal system struggles to keep up with technology developments and their
enforcement and prosecution, the regulation through technology took increasingly
center stage (Lessig 1996; Yeung 2008; Yeung and Dixon-Woods 2010; Pagallo
2015). Rather than prosecuting crime, the focus shifted on communicating architec-
tures that make it impossible to commit crimes in the first place.
In hindsight, the development of the Internet might usefully have included secu-
rity as a design feature. Starting Internet’s development again from scratch is not a
feasible option, which means that any response is likely to be a patch added to the
existing system rather than a complete rebuild. Attempts to deal with the increasing
number of reported cyber crime incidents include more legislation, user training,
public awareness, and other technical security measures (Cm7642 2009).
3
Cyber attacks are characterized as advanced persistent threats due to their increased frequency,
sophistication, clear target, and coordination.
4
The Home Office minister Baroness Neville-Jones presented an estimation that cybercrime costs
UK £27bn each year in UK Cabinet Office and National security and intelligence.
280 Y. Danidou
Transactions over the Internet are perceived as high risk, and trust is mostly
needed in such cases of high risk (Mutz 2005). In the absence of interaction with
people who are validated as trustworthy, the risk is higher. With technology improv-
ing and upgrading online and offline, and as digital crimes increase, consumers
seem increasingly concerned regarding privacy and security, while researches iden-
tify that the primary goal to balance these is by winning public trust.
These concerns have been addressed by the research community in a number of
studies, using different indices that may affect individuals’ perception on trustwor-
thiness (Belanger et al. 2002; Schoorman et al. 2007). In the digital world currently
experienced every day, there are two evident conclusions:
• that the digital companies will need to find the measures to increase the trust and
security that they provide towards their users;
• technology solutions should be implemented to ensure, based on their carrying
features, protection over user’s trust, privacy, and security while transacting over
the internet.
However, the Internet will remain imperfect, and things will go wrong. Indeed,
the futile search for perfect security may ultimately do more harm than good, by
creating a misplaced sense of security in technology that might increase the use to
take greater risks. It is a fact that the cyberattack-related critical question is not how
it will happen, but when it will happen, and when it occurs, users (personal or orga-
nizational) need to be in resilient. It is of great importance to note that not only the
systems connected to the Internet are candidates for cyberattacks, systems can also
malfunction while not Internet-connected, possibly affecting the economy by the
downtime, the stability of the organization and even threatening human lives. This
is even more true in the case of CIs which are essential for the functioning of the
Member State’s society and economy.
Critical Infrastructures, as the name suggests, are systems or assets, vital for the
well-being of the citizens and their disruption can lead to undesired consequences.
National security, economic prosperity, and public health and safety depend on the
reliable functioning of critical infrastructures that cannot be secured independently
of one another, since they form a set of highly dependable infrastructures, especially
in modern societies. Interdependencies among diverse infrastructure systems that
can be either spatial or functional have grown dramatically over the past years
mainly as a consequence of a highly network society (Zimmerman 2004). Although
these interdependencies create several opportunities, they also form a “network of
networks” generating inherent vulnerabilities that are present in other network
structures and ultimately lead to widespread impact. The importance of safeguard-
ing these essential complex infrastructures is crucial and represents one of the most
central national security challenges that nations should confront, addressing at the
same time the interactions, interconnections,5 and interdependencies among
computer, communication, and power infrastructures. An example could be the
5
Such interconnections can be classified as physical, geographical, cyber, or logical (Rinaldi et al.
2001).
interdependencies between power and telecommunication infrastructures, or

between energy and transport infrastructures that if impacted, their failure can lead
to cascade effects affecting all supply networks, the community, and economic
prosperity (Varianou Mikellidou et al. 2017).
Physical security of critical infrastructures has been accepted to be an important
issue; however, during the last years, cyber vulnerabilities have been also a rising
threat (Ten et al. 2010) and specifically, failures on ICT are often catastrophic
(Zimmerman 2004).6 Key sectors depend highly on ICT, and CIs act as a “network
of networks” in the sense that infrastructures cannot be isolated and deal with the
security of each infrastructure separately—the aim should be at devising ways to
secure CIs based on their complex network nature. Repeated cyber intrusions into
critical infrastructures demonstrate the need for improved cybersecurity (The White
House 2013). Traditional IT solutions seem to be inadequate in dealing with severe
cyberthreats and cybervulnerabilities. It was argued that to defeat security threats
that are parasitic on the Internet structure, and with other words themselves (com-
plex dynamic networks) are typical for a DoS attack for instance, “networks of
security” are needed rather than isolated security solutions and “gated communi-
ties”. “Understanding the fragility induced by multiple interdependencies is one of
the major challenges in the design of resilient infrastructures” (Vespignani 2010).
In the same vein, prior research review suggests that new technologies and
frameworks should be developed to address the issue of security, trust, and privacy
(STP) assuring that data are safe while used over the internet, considering the large
number of vulnerabilities existing (Ab Manan et al. 2011). A mapping of the basic
technologies existing in cybersecurity and identification of research challenges have
been covered in (Kert et al. 2014). Here two paradoxes are presented—(a) organiza-
tions are reluctant in investing into security products because of high cost, however,
cheap security products do not seem to do the job—low cost and security are incom-
patible; and (b) IT people are more interested in releasing patches to fix software
errors mostly in terms of interface, while security experts need stability. What is
needed in the case of critical infrastructures is a new approach that will be stable and
resilient, and that provides security and reliability in different threat and failure
scenarios by analyzing the interdependencies and the coupling between these highly
dynamic systems (Eusgeld et al. 2011). Such an approach is called a complex sys-
tem. Security should be incorporated from the inception of the technology and
throughout the system development lifecycle (SDLC) of design, development, test-
ing, deployment, and not as a patch at a later stage. While security solutions and
technologies have been developed in an effort to deal with security, trust and privacy
issues, a unified solution has not been achieved, leading Service Providers,
Collaborators, and Trusted Third Parties to create an unstable and imbalance envi-
ronment for users (Ab Manan et al. 2011).
6
The three modes of malicious attacks on a power infrastructure are as follows: (1) attack upon the
system; (2) attack by the system; and (3) attack through the system (Amin 2002).
282 Y. Danidou
2 The TC Technology Under the NIS Directive
While computer systems have changed in nature and become more and more ubiq-
uitous, many technical challenges came into sight and led to the realization that
system designers must proceed to design new computing systems that offer a higher
amount of trust than the currently implemented ones. Especially in the case of CIs
where the impact of a cyberattack will be enormous and can affect other infrastruc-
tures and create cascade effects. Threats to CIs span from electronic, radio-frequency
to computer-based attacks on the information components that control the CIs
(Simon 2017). Prevention of denial of service (DoS), the performance of access
control and monitoring and the achievement of scalability are just some of the
numerous technical challenges that need to be overcomed by the current distributed
systems. The need for such a platform becomes more imperative by the recognition
that it is insufficient to rely on users taking the necessary precautions to protect their
systems themselves (by frequently updating firewalls and anti-virus systems) and
that the threats and attacks have amazingly increased because of automated attack
tools, proliferation of vulnerabilities, and increased mobility of users (Berger 2005;
Kraemer et al. 2009). CERT Coordination Center has reported the extremely large
amount of vulnerabilities catalogued until 2017 (CERT 2018).
Furthermore, it has been found that software-only security mechanisms cannot
provide sufficient protection for the whole system (Berger 2005). A related problem
are existing unsecured operating systems that currently do not provide single appli-
cation isolation—thus reducing to the minimum the platform security level—which
is found in diverse environments following the same security requirements.
In addition to the increasing security threats, the ease with which to write and
spread malicious code (even ubiquitously), the vast number of Internet connected
devices along with the substantial use, and incredible evolution of the Internet dur-
ing the last 18 years (IWS 2018), have led to the conclusion that systems with
increased security, high confidentiality, integrity, non-repudiation, high-availability,
and authenticity should be deployed (Oppliger and Rytz 2005). Thus, the three basic
conditions that a trusted environment, in the computer science sense, must fulfill
are: protected capabilities; integrity measurement; integrity reporting, all creating
and ensuring platform trust (Burmester and Mulholland 2006). Systems covering
these aspects are described as “trustworthy” (Burmester and Mulholland 2006).
Achieving the ideal unified and balanced framework is supposed to include STP
policies, technologies, processes, and legal aspects all blended together to present
the optimal trusted environment. As a step towards the success of a holistic system
that promotes and assures security, trust and privacy in all levels, computer scien-
tists, architects, engineers, designers, and developers from large market players
have reached to the decision that Trusted Computing (TC)7 is the ideal environment,
7
Back in 2003, the Trusted Computing Group (TCG) (formerly known as the Trusted Computing
Platform Alliance (TCPA))—a non-profit organization—formed an alliance of promoters like
AMD, Hewlett-Packard (HP), IBM, Intel Corporation, Microsoft, Sun Microsystems Incorporation,
Fujitsu Limited, and of contributors like Canon, Dell, Erickson, Google, Oracle, Samsung, and
many more; initiated the Trusted Computing (TC) project.
comprised of hardware and software that can address all the issues. The Trusted
Computing Group (TCG) works on the creation of a new computing platform that
would provide enhanced trust to the current platform and aims to develop, define,
and promote standards to achieve higher security levels for the Information
Technology (IT) infrastructure between multiple platforms, devices, and networks
(Berger 2005).
Internet security is a big problem, and since it is a complex dynamic network,
companies or individuals cannot protect themselves only without caring what hap-
pens outside of their small sphere of influence (Guadamuz 2013). Trying to deal
with individual threats, one at a time, while ignoring that the main security threats
match the structure of the network, so that taking out one node at a time, would not
be successful. TC emerged as a possible solution to this dilemma. It promises to
take the weakest link in the security chain—the individual PC user—out of the
equation and shift the power of securing personal computers to organizations like
TCG. It also promises to “build up” secure networks in the same way the Internet
itself operates—that is, as a complex dynamic system of mutually assured trustwor-
thiness. TC tries to build complex dynamic trust networks “bottom up”, without
central, let alone state, oversight or control. If social trust relations in complex mod-
ern societies also organize themselves in dynamic complex networks, and if security
“travels along” the trust edges in this network—because people only trust those
whom they can securely trust, those who are “trustworthy”—the result would be an
environment with ubiquitous security, which is the ultimate aim of the Trusted
Computing Initiative (TCI). As mentioned above, to defeat security threats that are
parasitic on the Internet structure, “networks of security” are needed rather than
isolated security solutions and “gated communities”. In the case of TC in particular,
this requires networks of trust relations that are isomorphic to the structure of the
Internet and where CIs are involved an alloy of correctness, reliability, security,
privacy, safety, and survivability should be present (Schneider 2000).
While TC tries to make using the Internet more secure, it is not what is techni-
cally known as “secure computing” (Proudler et al. 2014). Proudler draws the dis-
tinction like this:
• “Secure” is a classification, the result of an assessment to determine that an item
does exactly what it is supposed to do, nothing more and nothing less.
• Something can be trusted if it behaves as expected.
• Something is trustworthy if its behavior is predictable.
The proponents of TC suggest that Trusted Computing promises to provide four
crucial advantages: reliability, security, privacy, and business integrity. Thus, these
guarantee a system that will be available when in need, that will resist any attack
once protecting the system itself and the data, that will give the demanded privacy
to the user, and finally that provides to businesses the ability to interact effectively
with their customers. This proposition is extremely important in terms of CIs, since
downtime or even a cyberattack can cause significant disruption of services with a
long lasting wide impact, economic damage, and even loss of human life.
284 Y. Danidou
Also, TC will provide protection from viruses as check will be applied to all files
trying to “enter” the system. This is to be done through structuring new applications
that give new possibilities to the owners of computer systems and/or end users. One
of them is that a TC system can detect files that are unauthorized, such as pirated
software, or viruses, and delete them remotely. This means that TC could be used to
restrict access to any suspicious file. This approach is not uncontroversial. Content-
owning businesses may wish to prevent end-users doing particular things with files;
and employers may wish to control employees’ ability to access and/or distribute
information across corporate networks, and so support this functionality. CIs are
highly interconnected and mutually dependent in many complex ways, both physi-
cally but also in a technological way through the exchange of information and com-
munication technologies (ICT). This leads to the obvious conclusion that what
happens in one infrastructure can directly or indirectly affect other infrastructures
presenting a number of challenges and complexities (Rinaldi et al. 2001).
Currently, TC is a composite of five main components: the ‘Fritz’ chip; a ‘cur-
tained memory’ in the CPU; a security kernel in the operating system; a security
kernel in each TC application; and a back-end infrastructure of online security serv-
ers. Safford stated that TC architecture supports two important security functions
(Safford 2002a):
• Secure storage of the key pairs generated, along with public key signatures, veri-
fications, encryptions and decryptions; and
• System software integrity measurement.
Minimum functionality which is necessary to describe the properties that influ-
ence the trustworthiness of a computing environment is represented by Roots of
Trust8 (Burmester and Mulholland 2006). There are three core Roots of Trust:
• a root of trust for measurement (RTM)
• a root of trust for storage (RTS)
• a root of trust reporting (RTR).
For any misbehavior within the system to be detected, all three Roots of Trust
must be trusted. Roots of Trust are expected to function correctly without any exter-
nal interactions. In conjunction with the Trusted Building Blocks (TBB), Roots of
Trust achieve trust, while measurement, storage, and reporting are done with mini-
mal configuration (Burmester and Mulholland 2006).
TC aims to allow the computer user to trust his own computer and for third parties
to trust that specific computer (Lipson 2002). Having said that CIs are interconnected
and interdependent relying on ICT which are aimed to secure, TC seems like an excel-
lent candidate to protect each information and technology system individually but also
to allow other systems to trust it as well. TC tries to build complex dynamic trust net-
works “bottom up”,9 without central, let alone state, oversight, or control. In a related
study, the author articulated that if social trust relations in complex modern societies
A Root of Trust is a hardware component to help protect viable configurations.

8
Using base elements to build up a larger system.

9
also organize themselves in dynamic complex networks, and if security “travels along”
the trust edges in this network—because people only trust those whom they can
securely trust, those who are “trustworthy”—the result would be an environment with
ubiquitous security, which is the ultimate aim of the TCI.10 It has been shown that the
TC network will only work when in addition to security and techno-trust, also legally
enabled social trust “runs along” the edges that connect the nodes of the network. That
is, if for any two connected nodes in the TC network, the parties can trust each other
in the computer science sense, and have as a fallback a shared trust in institutions that
can apply legal sanctions; it has been argued that will get dynamic complex networks
that are isomorphic to the communication network of the Internet (Danidou 2015).
TC’s idea is to keep keys secret with the use of a digital encryption and signature
device. In addition, it prevents identity theft and unauthorized access to personal
data on the user’s own device, while connected to the internet or to any other net-
work (Carroll et al. 2002). This makes the compromization of the crown jewels of
any company, even harder for malicious intruders. Overall, what this platform pro-
vides to the user is: protection to personal data, to sensitive communications and to
e-commerce transactions, from attack to either the system’s software or to a net-
work’s software.
TCG proposed a technology that makes use of four main features. Along with
these, new hardware installation on existing PCs is required. These features can
work individually, but can also work in conjunction with each other.
2.1 Memory Curtaining
This refers to a “strong, hardware-enforced memory isolation feature” (Schoen 2003)

to avoid reading and writing memory between several programs. In TC, the operating
system should have access to this type of memory, so if an adversary enters the oper-
ating system it would not be possible for him to enter and interfere with any program
and its memory. The advantages of using a hardware feature instead of software—
which could operate in a similar fashion—are the: backwards compatibility; the reus-
ability of code; and the fact that fewer changes need to be made to hardware drivers
and application software (Burmester and Mulholland 2006).
2.2 Secure I/O
This provides a secure hardware path from the keyboard or mouse (i.e., the user) to
an application and vice versa. By doing this, none of the software programs will
know what the user typed as a command or input to another program and how the
application responded. Protection from physical attacks is provided and any
10
See more in Danidou (2015).
286 Y. Danidou
programs that intentionally “corrupt, modify, or mislead the user, will be prevented
from running or operating” (Burmester and Mulholland 2006).
2.3 Sealed Storage
Until recently, any keys and passwords used by applications were stored locally on
the hard-drive. This was not so secure, because keys could be accessible by any
intruder or virus. Thus, it is important to ensure that only legitimate users can access
these valuable and secret data. This is exactly what sealed storage does. It is charac-
terized as “an ingenious invention that generates keys based in part on the identity
of the software requesting to use them and in part on the identity of the computer on
which that software is running” (Schoen 2003).
Furthermore, sealed storage can cooperate with memory curtaining and secure
I/O to ensure that a user’s data can be read on their computer, and only by the par-
ticular computer that were initially created on. If a different application than the one
that was originally used to create the data tries to decrypt or unseal the data, the
operation will end up in failure.
2.4 Remote Attestation
This aims to allow “unauthorized” changes to software to be detected. It remotely

traces any changes made to any application and allows a third party to decide
whether the platform is considered trustworthy (Reid et al. 2003). This feature helps
to prevent the sending of data to or from a compromised or untrustworthy computer
and certifies that no unauthorized program installs, updates or that modifications are
made in the hardware or software on the user’s machine. Moreover, “this allows an
entity to authenticate the software configuration of a platform that is not under its
control” (Reid et al. 2003). This is the most significant of all features mentioned.
TCG provides protection to sensitive authentication information from attacks by
hackers and this is achieved by providing protection to the user’s private key. In addi-
tion, by sealing the master encryption key under a TCG register, it is possible to protect
a user’s sensitive files and data (Safford 2002b). By extending this analogy to critical
infrastructures systems, the huge benefits that TC has to offer can be easily observed.
3 Privileged Access Management
Privileged access management (PAM) is said to help the Operators of Essential

services (OES) and digital service providers to respond to the compliance regula-
tions laid out in the NIS directive (European Commission 2016). Security policies
should be enforced for the prevention, detection and incident reporting. For PAM to
work properly and comply with NIS, there should be tracking of all access and ses-
sions by privileged users in the IT network, and should also provide the IT admin-
istrator with complete visibility of the access rights and activities done using the
network, monitor internal and external access to the system and resources, real-time
detection of malicious activity, and log traceability for audit reporting.
TCG was formed as a result of the concerns on data exposure on systems; system
compromise as part of software attack; and lack of methods to prevent identity theft
(Berger 2005; TCG 2006). TC is an idea which has evolved from the need to address
these issues with security solutions that will mitigate the risks and dangers; and help
to increase data management and identity security. Furthermore, it aims to protect
the software and data in computer platforms (servers, desktops, laptops, PDA’s,
mobile phones, and many more) (Proudler 2005) from external attacks and physical
theft and hopes to improve security for remote access.
TC aims to add on computer hardware’s functionality to “enable entities with
which the computer interacts to have some level of trust in what the system is doing”
(Mitchell 2008). This protection is provided by implementing isolated execution
environments where software and data will be protected from any interference—not
just by third parties but also the owner of the computer. Trusted platforms provide
such environments and define the applications that will be permitted to operate on
selected data (Proudler 2005). TC also addresses the issue of privilege escalation by
preventing access to parts of the system that are not needed for the operation of
another—a security problem that has been observed in Windows operating systems.
Privilege Escalation essentially means that a computer is only as secure as its weak-
est link. Once a bug or configuration oversight in one component was identified and
the component taken over by an adversary, it was often possible to gain elevated
access to resources that are normally protected from an application or user and thus
control the entire machine. TC restores the ability to trust a computer by reducing
this complex interaction—to be trusted, operations have to show that they are unhin-
dered. Additionally, trusted platforms can offer assurances about their behavior both
in hardware and software (Gallery 2008).
As the author’s most recent research reveals, ‘Trust’ has different interpretations
in different disciplines (Danidou 2015)—relevant for “techno-trust” is the definition
of trusted systems according to RFC 2828 (Shirey 2000), and discussed further by
Balacheff et al. (2000) and Mitchell (2008). Thus, Trusted Systems are systems that
can be relied upon to perform certain security policies in an expected manner and in
the sense of behavioral consistency: TC “refers to a computer system for which an
entity has some level of assurance that (part or all of) the computer system is behav-
ing as expected” (Mitchell 2008) for a particular purpose. The outcome ultimately
would be to allow the user to ‘blindly trust’ his computer again, without a constant
need for self-monitoring.
A very concise account of how Trusted Systems give rise to trust networks was
recently given by Rosinger and Beer within the project “Smart Nord”, which aims at
providing a multi-agent infrastructure for the electric grid of the future. In this com-
plex market, the relevant actors (electricity consumers, producers, storage facilities,
288 Y. Danidou
etc.) are represented by autonomous software agents (Rosinger et al. 2013). These
agents coordinate their activities and thus can give rise to self-organizing alliances
and conglomerates.
In the process of forming coalitions, several factors need to be considered by the
software to decide “whom to talk to”. One of them is the decision if another agent
or machine can be trusted. The very same mechanism that will enable “benevolent”
agents of consumers to build a coalition that then negotiates a bulk discount with a
supplier can also be used to form a Denial of Service attack against that very sup-
plier if the agents are malevolent or infected. A model of “trust” then becomes
central for the attempt to ensure network security—TC as a security service.
The core of the TCI hardware is the protocol that implements attestation, known
as Direct Anonymous Attestation (DAA). From its name, the basic logic of the ini-
tially planned protocol is derived, which implied:
• proof without a Trusted Third Party (TTP) involvement (Direct);
• non-disclosure of the identity of the signer (Anonymous);
• requirement of statement or claim from a TPM (Attestation).
It is capable of “remotely prov[ing] that a key is held in some hardware device
and provid[ing] a strong authentication combined with privacy protection”
(Camenisch 2004). The DAA is standardized by the Trusted Computing Group and
implements several applications, such as use of a cryptographic key for authentica-
tion of the OS as secure, secure access to networks and services, and ease of key
management in companies.
4 Standards, Policy, and Regulation
While the cyber threats landscape is fundamentally changing, a steep rise in hostile
cyber intrusions and unauthorized network breaches is observed. In the face of this
security storm, where EU’s infrastructure has also been affected, the cyber legal and
regulatory landscape is rapidly evolving and is now found consistently at the top of
political agendas. Efforts have been made to implement cyber-oriented laws and
regulations while adapting to the new shifting environment. EU has admittedly
committed into protecting the essential interests of its own security, to safeguard
public policy and public security, and allowing the investigation, detection, and
prosecution of criminal offenses. Moreover, the new EU cybersecurity package
examines how to build EU resilience to cyberattacks, how to create effective EU
cyber deterrence, and how to strengthen international cooperation on cybersecurity
(European Commission 2018). EU aims for sustainable development are to develop
quality, reliable, sustainable, and resilient infrastructure.
In this vein, of combating cybercrime while boosting security, regulating the
Internet through cybersecurity strategies, protecting networks and information sys-
tems, as well as data stored or processed on those systems; regimes like the Directive
on Security of Network and Information Systems (NIS Directive) (European
Commission 2016) and—the very much anticipated—General Data Protection

Regulation (GDPR) (European Parliament 2016) have been adopted. Their impor-
tance to the economy and to the society has been acknowledged in direct relation to
the increased security incidents that pose a major threat to network and information
systems and to the Internet itself.
Both GDPR and NIS are influential and of course valuable in terms of cyberse-
curity, containing security requirements and incident reporting obligations, and
should be seen, as a positive opportunity to blow the wind of change. However, the
NIS directive is focusing on essential services infrastructures that are depending on
technology and attempts to ensure resilience to cyberattacks by including the
requirement for prevention of incidents, while GDPR ensures confidence in pro-
cessing personal data. NIS concentrates on the protection of the network and infor-
mation systems in terms of security and acts to ensure confidence in technology.
Essential services are observed to have lower level of cybersecurity capabilities and
resilience, and NIS directive is a step taken forwards.
Here comes the big question: how can essential services gather and consolidate
all the security artifacts to leverage detection and prevention of incidents in the new
IT environment? It is argued that the right mix for cyber resilience, is a combination
of people, processes and technology. To elaborate more, this points out that even if
you have the most secure system available, it is useless if an employee is sharing his
passwords on phishing websites allowing third parties to attack the system.
Moreover, here comes another important parameter—the one of education, not only
for technical people, but also equally for non-technical people who however are
involved in cybercrime one way or another, e.g. Law enforcement agency officers
(LEAs). State of the Union Factsheet on cybersecurity has revealed that despite the
growing threats, awareness and knowledge of cybersecurity issues is still insuffi-
cient and numbers show that 51% of EU citizens feel completely or not adequately
informed on cyber threats while 69% of companies have no or basic understanding
of their cyber exposure to cyber risks (European Commission 2017).
Since different Member States have different degree of preparedness and cyber-
security maturity, bringing the Union—as a whole—at stake, the need for common
EU-wide legislative tool imposing global minimum requirements and obligations—
on both essential services operators and digital service providers—should be laid
down targeting to coordinate prevention, detection, mitigation, and response to pos-
sible cyber attacks. In particular, the NIS directive is the first piece of EU legislation
that aimed at improving cybersecurity throughout the Union, minimizing the asym-
metry in the preparedness of EU Member States, and covering on one hand the
operators of essential services (OESs), while on the other hand, digital service pro-
viders (DSPs). NIS has been adopted to overcome the lack of a common European
framework, the fragmented participation into agreements at international or national
level, and as a legal instrument to address the challenges of cybercrime and security
in cyberspace, paving the way for stronger cooperation and dissemination of exper-
tise between Member States (European Political Strategy Centre 2017). NIS is
directing EU Member States to ratify their own laws and regulations internally
while meeting other requirements as well. The digital infrastructure sector is the one
290 Y. Danidou
most effected and the three main initiatives discussed in the NIS directive are gov-
ernance at national level, mandatory information sharing between Member States
and reporting of incidents of significant impact. Although up to 2013 when the first
version of NIS was proposed, the Directive of Electronic Communications was
imposing security and reporting obligations on electronic communications provid-
ers for telecom providers and data controllers (European Commission 2009b), the
NIS Directive of 2016 has extended the reporting obligation to all relevant public
and private actors involved in essential infrastructures.
In Article 14, the NIS directive requires OES and DSPs to:
• take appropriate technical and organizational measures to secure their network
and information systems;
• take into account the latest developments and consider the potential risks facing
the systems;
• take the appropriate measures to prevent and minimize the impact of security
incidents to ensure service continuity; and
• notify the relevant supervisory authority of any security incidents having a sig-
nificant impact on service continuity without undue delay (European Commission
2016).
5 Essential Operators Identification
NIS calls Member States to transpose its requirements into national legislation and
decide which operators will be categorized under the ‘essential services’ following
specific criteria proposed by ENISA, creating a disparity in the operators between
the States. The identification of Essential Services Operators (ESOs) should be re-
evaluated by Member States, every two years. The diversity of interpretation may
mean that NIS will not be applied to the same operators across the EU, which poses
a significant problem to the overall consistency of the NIS application (BBVA 2016;
Kaskina 2017; Kalis 2018). Moreover, NIS will neither be applied to small and
medium enterprises (SMEs) nor to software and hardware manufacturers, therefore
becoming the weakest link in the chain.
Setting minimum security measures or reporting obligations has also been criti-
cized since it may lead to companies becoming an easy target for cybercrime espe-
cially if they are not obliged to comply (BBVA 2016). Further, the broadness of this
EU-wide approach is hesitantly seen by legal scholars, warning that since each
Member State will set their own laws and regulations, it is expected that each individual
Member State will comprehend and implement NIS in a different way—probably on
a different level of strictness, lacking cybersecurity policy cohesion throughout EU,
thus creating fragmentation, policy confusion and compliance problems, jeopardizing
the NIS’s initial target (BBVA 2016; Joe Stanganelli 2018; Kalis 2018).
This problematic selective targeting can be vanished using technologies like
Trusted Computing (TC), where all companies will be under the same digital
security standards and therefore, all will need to meet the same criteria to form a
holistic secure system that will eventually minimize cybercrime.
6 Security Requirements and Incident Notification
In an effort to increase cybersecurity awareness in the EU and to identify new vul-

nerabilities in a world of rapidly evolving cyberthreats, the Directive opens a chan-
nel for reporting even the smallest significant incidents11 “without undue delay”.
Mandatory incident reporting for digital service providers and essential service pro-
viders (Art. 14 NIS Directive), will help to better identify the challenges within the
sector and propose relevant mitigation measures based on facts and figures. Yet, it is
considered a thorny and controversial requirement since it has an impact on the
continuity of core services but also affects regulatory steps to be taken.
Law enforcement authorities should be aware of any major incidents in essential
services operators and digital service providers to tune the legal responses appropri-
ately. It is imperative to note that for a case to follow the legal route, there should be
investigation forensics and information sharing and coordination between the
Member State authorities, the private sector, and other stakeholders. For an effective
incident reporting mechanism, a permanent public-private dialogue should be main-
tained, and industry should be give the incentives to promote reporting. The report-
ing requirement has not been welcomed by the industry who fears that this carries
the risk of reputational damage that will also affect consumer confidence.
Critical infrastructures as interdependent which means that an incident in one
sector will affect other critical sectors as well, possibly impacting their core activi-
ties. Further, it has been scrutinized that there is neither guidance on the overlapping
reporting obligations in a number of authorities and under many categories of regu-
lations, nor the fact of overlapping to various local or international regulators that
can demand the same responsibilities between entities, trickle the effectiveness of
the regulations and increase the economic cost and complexity for businesses and
governments (BBVA 2016). The mandatory hands-on approach has been added in
the NIS directive as it is believed to “bring the most effective security as resilience
by incentivizing through obligations and sanctions” (Christou 2016). Devising the
most practical way for incident reporting implementation and compliance, has been
a brain teaser, to allow homogeneous reports between Member States. What also
remains a challenge is the legality of these reports especially when incidents involve
the use of personal data and should be used to enhance private and public compa-
nies’ collaboration. BBVA research report has suggested using internationally rec-
ognized standards certification to ensure all Member States are under the same cubit
(BBVA 2016).
The significance of an incident can be determined based on specific parameters Art. 16 (4)
11
(European Commission 2016).

292 Y. Danidou
7 C
onsistent Mandatory Information Sharing Between
National Authorities of Member States
Digital Service Providers (DSPs), in the context of the NIS directive, are narrowed
down to three categories: online marketplaces (excluding intermediary to third-
party services), online search engines, and cloud computing services, which under
the NIS directive, are required to ensure a secure and trustworthy digital environ-
ment throughout the EU. Apart from benchmarking and best practices sharing,
another initiative of the NIS, requests private and public field players to perform risk
management and share information with the national NIS authorities and other
involved actors, like CERTs, law enforcement agencies and industry, bridging the
gap between these players and facing the complexity of cyber incidents and their
mitigation. Many essential service operators are operated by private companies, or
public-private partnerships (PPP), therefore EU and Member States should develop
and adhere to public policies taking into consideration the diversity of actors intro-
duced in the new cyber landscape at all levels (European Political Strategy Centre
2017). Information sharing is said to enhance best practices exchange between
Member States and will boost CSIRT network and cooperation networks, ultimately
raising awareness in the private sector and cultivating a culture in cybersecurity.
In the EU, information-sharing networks covering critical infrastructures are still
under development, while the demand for such networks is clearly rising. According
to the Directive that encourages benchmarking, attention should be paid to preserve
informal and trusted channels of information sharing between the market operators,
and between the private and public sectors to maintain a sufficient protection across
the EU (European Commission 2013b). Information sharing initiative has not been
uncontroversial either since it has been argued that it could harm the public–private
sector dialogue by imposing a top-down obligation to report (Christou 2016). Yet, it
aims at improving the Internet security and private networks and information sys-
tems on which the digital society depends on. In the cases where incidents result in
personal data breach or the information to be shared processes personal data in any
way, then the GDPR should be considered in close cooperation with the Data
Protection Authorities (DPA).
8 Conclusions
Our era has been characterized by an extensive use of digital technologies and the
Internet in our everyday tasks. The centralized nature of the Internet initiates a num-
ber of issues related to online safety, privacy, data protection, and cybercriminality.
EU seems determined to improve its cybersecurity and resilience to attacks protect-
ing in this way the economy, the critical infrastructures that affect the public policy
and public security, and more generally, the well-being of the Member States and
their core activities.
New technologies used in critical infrastructures are based on the network struc-
ture, like Cloud computing and virtualization affecting severely essential infrastruc-
tures of Member States, sometimes even leading to collapse of interdependent
infrastructures. It is significant for these technologies to be aligned with the EU
frameworks for cybersecurity and strengthen the three main pillars of resilience,
deterrence, and defense. It has been argued that these should incorporate security,
trust, and privacy by design, and a step towards the success of a holistic system that
promotes and assures these parameters is the Trusted Computing technology. The
criticism that TC has gone through has been discussed earlier and the author has
attempted a parallel read of the features of TC and how these are mirrored in the
Critical Infrastructure reality and in the NIS directive provisions. TC—has been
argued—is a possible way to confine cyberthreats while boosting security.
Particularly, it has been argued that secure and interoperable interfaces among
different critical infrastructures could be developed using the TC initiative to pre-
vent from cascading effects. Moreover, in our view, if a convergence of safety and
security standards could be established, since TC can offer standardization of some
components, then it would be possible to achieve certifications; but most impor-
tantly, if technologies like TC are adopted by Critical Infrastructures, given the
interdependencies that these present and the network trustworthiness, security, and
privacy the TC can offer, then this would make TC the optimal trusted environment
for more cyber-resilient critical infrastructures.
References
Ab Manan J-L, Mubarak MF, Isa MAM, Khattak ZA (2011) Security, trust and privacy–a new
direction for pervasive computing. Inf Secur:56–60
Amin M (2002) Security challenges for the electricity infrastructure. Computer (Long Beach
Calif) 35:supl8–supl10. https://doi.org/10.1109/MC.2002.1012423
Andress J (2014) Cyber warfare techniques, tactics and tools for security practitioners, 2nd edn.
Syngress, an imprint of Elsevier, Waltham
Balacheff B, Chen L, Pearson S et al (2000) Computing platform security in cyberspace. Inf Secur
Tech Rep 5:54–63. https://doi.org/10.1016/S1363-4127(00)87631-1
BBVA (2016) The Network and Information Security (NIS) Directive. Part 2 of 2. Digit Econ
Outlook
Belanger F, Hiller JS, Smith WJ (2002) Trustworthiness in electronic commerce: the role of pri-
vacy, security, and site attributes. J Strateg Inf Syst 11:245–270
Berger B (2005) Trusted computing group history. Inf Secur Tech Rep 10:59–62. https://doi.
org/10.1016/j.istr.2005.05.007
Burmester M, Mulholland J (2006) The advent of trusted computing: implications for digital
forensics. In: Proceedings of the 2006 ACM symposium on applied computing. ACM Press,
Dijon, pp 283–287
Camenisch J (2004) Better privacy for trusted computing platforms. In: Samarati P, Ryan P,
Gollmann D, Molva R (eds) Computer security – ESORICS 2004. Springer, Heidelberg,
pp 73–88
Carroll A, Juarez M, Polk J, Leininger T (2002) Microsoft Palladium: a business overview.
Microsoft Press Release
294 Y. Danidou
CERT (2018) Vulnerability notes. https://www.kb.cert.org/vuls. Accessed 25 Jun 2018

Christou G (2016) Cybersecurity in the European Union
Cm7234 (2007) The Government reply to the fifth report from the House of Lords Science and
Technology committee
Cm7642 (2009) Cyber Security Strategy of the United Kingdom safety, security and resilience in
cyber space. 26
Cm7948 (2010) Securing Britain in an age of uncertainty: the strategic defence and security review
Corn T (2017) A new era for critical infrastructure: IT Security. In: CSO – Resour. Data Secur.
Exec. https://www.cso.com.au/article/621183/new-era-critical-infrastructure-it-security/.
Accessed 25 Jul 2018
Danidou I (2015) Trusted computing or trust in computing?: legislating for trust networks.
ProQuest Dissertations Publishing
Dekker MAC (2013) Critical cloud computing – a CIIP perspective on cloud computing services.
Eur Netw Inf Secur Agency 33
European Commission (2009a) Communication from the Commission to the European Parliament,
the Council, the European Economic and Social Committee and the Committee of the Regions
on Critical Information Infrastructure Protection. “Protecting Europe from large scale cyber-
attacks and disruptions: enhancing preparedness, security and resilience”. COM 149 Final
European Commission (2009b) Directive 2009/140/EC of 25 November 2009 amending Directives
2002/21/EC, 2002/19/EC and 2002/20/EC. Off J Eur Union L 337:37–69
European Commission (2013a) Cybersecurity strategy of the European Union: an open, safe and
secure cyberspace. European Commission
European Commission (2013b) Proposal for a Directive of the European Parliament and of the
Council concerning measures to ensure a high common level of network and information secu-
rity across the Union. 0027:
European Commission (2015) Cybersecurity. https://ec.europa.eu/digital-agenda/en/
cybersecurity#Article
European Commission (2016) Directive (EU) 2016/1148 Of The European Parliament And Of The
Council - of 6 July 2016 - concerning measures for a high common level of security of network
and information systems across the Union. European Parliament and of the Council
European Commission (2017) Factsheet State of the Union 2017
European Commission (2018) Joint communication to the European Parliament and the Council -
Resilience, Deterrence and Defence: Building strong cybersecurity for the EU
European Parliament (2016) Regulation (EU) 2016/679 of the European Parliament and of the
Council – of 27 April 2016 – on the protection of natural persons with regard to the process-
ing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
(GDP). European Parliament and of the Council
European Political Strategy Centre (2017) Building an effective European cyber shield. Eur Comm
16. https://doi.org/10.2872/955505
Eusgeld I, Nan C, Dietz S (2011) “System-of-systems” approach for interdependent critical infra-
structures. Reliab Eng Syst Saf 96:679–686. https://doi.org/10.1016/J.RESS.2010.12.010
Farwell JP, Rohozinski R (2011) Stuxnet and the future of cyber war. Surviv Glob Polit Strateg
53:23–40
Gallery E (2008) Who are the TCG and what are the trusted computing concepts? TRUST2008
Gordon L, Loeb M (2002) The economics of information security investment. ACM Trans Inf Syst
Secur 5:438–457. https://doi.org/10.1145/581271.581274
Gordon L, Loeb M (2006) Economic aspects of information security: an emerging field of research.
Inf Syst Front 8:335–337. https://doi.org/10.1007/s10796-006-9010-7
Guadamuz A (2013) Networks, complexity and internet regulation scale-free law. The University
of Edinburgh
Homeland Security (2017) Risks to critical infrastructure that use cloud services
Hunton P (2009) The growing phenomenon of crime and the internet: a cybercrime execution and
analysis model. Comput Law Secur Rev 25:528–535. https://doi.org/10.1016/j.clsr.2009.09.005
IWS (2018) World Internet Users Statistics and 2018 World Population Stats. https://www.inter-
networldstats.com/stats.htm. Accessed 25 Jun 2018
Pieter Kalis (2018) NIS Directive – update for the Netherlands – Leiden Law Blog. In: 31/01/2018.
http://leidenlawblog.nl/articles/nis-directive-update-for-the-netherlands. Accessed 16 Jun 2018
Kaskina BB (2017) How the European Union is tackling cybersecurity: a look at the NIS directive.
ITU News, 1–12
Kert M, Lopez J, Markatos E, Preneel B (2014) State-of-the-art of Secure ICT landscape
King J (2017) Commissioner King’s speech at the EU Cybersecurity Conference “Digital Single
Market, Common Digital Security 2017”, 15 September 2017, Tallinn, European Commission.
https://ec.europa.eu/commission/commissioners/2014-2019/king/announcements/commis-
sioner-kings-speech-eu-cybersecurity-conference-digital-single-market-common-digital-secu-
rity_en. Accessed 28 Jun 2018
Kraemer S, Carayon P, Clem J (2009) Human and organizational factors in computer and informa-
tion security: pathways to vulnerabilities. Comput Secur 28:509–520. https://doi.org/10.1016/j.
cose.2009.04.006
Langner R (2011) Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur Privacy 9:49–51.
https://doi.org/10.1109/MSP.2011.67
Lessig L (1996) The zones of cyberspace. Stanford Law Rev 48:1403–1411
Lipson HF (2002) Tracking and tracing cyber-attacks: technical challenges and global policy issues
Liveri D, Skouloudi C (2016) Exploring cloud incidents. Eur Netw Inf Secur Agency 1–14
Mackay M, Baker T, Al-Yasiri A (2012) Security-oriented cloud computing platform for
critical infrastructures. Comput Law Secur Rev 28:679–686. https://doi.org/10.1016/J.
CLSR.2012.07.007
Maglaras L, Drivas G, Noou K, Rallis S (2018) ICST Transactions Preprint NIS directive: The
case of Greece
Mitchell CJ (2008) What is trusted computing? In: Mitchell CJ (ed) Trusted computing. The
Institution of Engineering and Technology (IET), London, pp 1–10
Mutz DC (2005) Social Trust and E-Commerce: experimental evidence for the effects of social
trust on individuals’ economic behavior. Public Opin Q 69:393–416. https://doi.org/10.1093/
poq/nfi029
Office of Cyber Security and Information Assurance (OCSIA), Detica (2011) The cost of cyber
crime. 28
Oppliger R, Rytz R (2005) Does trusted computing remedy computer security problems? IEEE
Secur Priv 3:16–19. https://doi.org/10.1109/MSP.2005.40
Pagallo U (2015) Good onlife governance: on law, spontaneous orders, and design. In: The onlife
manifesto. Springer, pp 161–177
Proudler G (2005) Concepts of trusted computing. In: Mitchell CJ (ed) Trusted computing. The
Institution of Engineering and Technology (IET), London, pp 11–27
Proudler G, Dalton C, Chen L (2014) Trusted computing platforms: TPM2.0 in context, 1st edn.
Springer
Reid J, González Nieto JM, Dawson E, Okamoto E (2003) Privacy and trusted computing. In:
Proceedings of the 14th international workshop on database and expert systems applications
(DEXA’03). IEEE, Washington, pp 383–388
Rinaldi SM, Peerenboom JP, Kelly TK (2001) Identifying, understanding, and analyz-
ing critical infrastructure interdependencies. IEEE Control Syst 21:11–25. https://doi.
org/10.1109/37.969131
Rosinger C, Uslar M, Sauer J (2013) Threat scenarios to evaluate trustworthiness of multi-agents
in the energy data management. EnviroInfo, pp 258–264
Russia US-CCU Special Report (2009) Overview by the US-CCU of the cyber campaign against
Georgia in August of 2008. US Cyber Consequences Unit
Safford D (2002a) Clarifying misinformation on TCPA. In: White Pap. http://www.research.ibm.
com/gsal/tcpa/tcpa_rebuttal.pdf
Safford D (2002b) The need for TCPA. http://www.research.ibm.com/gsal/tcpa/why_tcpa.pdf
296 Y. Danidou
Schneider FB (2000) Critical infrastructures you can trust: where telecommunications fits. Comput
Sci Telecommun 1–29
Schneier B (2010) Security in 2020 – Schneier on security. https://www.schneier.com/blog/
archives/2010/12/security_in_202.html. Accessed 21 Jun 2018
Schoen S (2003) Trusted computing: promise and risk. Electronic Frontier Foundation
Schoorman FD, Mayer RC, Davis JH (2007) An integrative model of organizational trust: past,
present, and future. Acad Manag Rev 32:344–354. https://doi.org/10.5465/amr.2007.24348410
Shirey R (2000) RFC2828: Internet Security Glossary. RFC Editor
Simon T (2017) Critical infrastructure and the Internet of Things. Cent Int Gov Innov Chatham
House 46
Stanganelli J (2018) EU’s NIS Directive Compounding GDPR Burdens & Confusion – Security
Now. In: 23/02/2018. https://www.securitynow.com/author.asp?section_id=613&doc_
id=740750. Accessed 16 Jun 2018
Tankard C (2011) Advanced persistent threats and how to monitor and deter them. Netw Secur
2011:16–19. https://doi.org/10.1016/S1353-4858(11)70086-1
TCG (2006) More secure computing. TCG
Ten C-W, Manimaran G, Liu C-C (2010) Cybersecurity for critical infrastructures: attack and
defense modeling. IEEE Trans Syst Man Cybern – Part A Syst Humans 40:853–865. https://
doi.org/10.1109/TSMCA.2010.2048028
The White House (2013) Executive Order 13636: improving critical infrastructure cybersecurity.
Fed Regist 78:1–8
Varianou Mikellidou C, Shakou LM, Boustras G, Dimopoulos C (2017) Energy critical infrastruc-
tures at risk from climate change: a state of the art review. Saf Sci. https://doi.org/10.1016/J.
SSCI.2017.12.022
Vermesan O, Friess P (2015) Building the hyperconnected society: Internet of things research and
innovation value chains, ecosystems and markets. River Publishers
Vespignani A (2010) Complex networks: the fragility of interdependency. Nature 464:984–985.
https://doi.org/10.1038/464984a
Yeung K (2008) Towards an understanding of regulation by design. In: Yeung K (ed) Regulating
technologies: legal futures, regulatory frames and technological fixes. Hart, Oxford, pp 79–108
Yeung K, Dixon-Woods M (2010) Design-based regulation and patient safety: a regulatory studies
perspective. Soc Sci Med 71:502–509
Zimmerman R (2004) Decision-making and the vulnerability of interdependent critical infra-
structure. In: IEEE international conference on systems, man and cybernetics (IEEE Cat. No.
04CH37583). IEEE, pp 4059–4063
Zittrain J (2008) The future of the Internet and how to stop it. Yale University Press, New Haven
Part III
E-commerce and Online Consumer
Protection
Chapter 14
Adopting a Smart Approach to EU
Legislation: Why Has It Proven
So Difficult to Introduce a Directive
on Contracts for the Supply of Digital
Content?
Paula Giliker
Abstract In December 2015, the European Commission put forward a proposal for
a directive providing a single set of rules covering contracts for the sale and rental
of digital content and digital services: the Directive on contracts for the Supply of
Digital Content (pDCD). At face value, this was a proposal that had much to com-
mend it. It is a key part of the Commission’s Digital Single Market Strategy that
aims to reduce barriers to trade and offer more opportunities for consumers and
businesses to contract across European Union (EU) borders in a legal, safe, secure
and affordable way, and deals with an area of law in which few Member States have
to date legislated. It builds on earlier directives (notably the Consumer Sales
Directive 1999/44/EC) and seeks to provide for the particular needs of the digital
marketplace. This chapter will examine why, then, it has proven so difficult to intro-
duce. Suggestions for change and amendments have come from academics, con-
sumer and business groups, and practitioners and we have seen strong differences of
opinion between the European Parliament and Council of the EU. The saga of the
pDCD is one that takes us into EU consumer and private law policy and highlights
the real difficulties of legislating in the digital age. Although Directive 2019/770/EU
on Contracts for the Supply of Digital Content and Digital Services (DCSD) was
finally brought into force in June 2019, this chapter seeks to identify lessons that
may be learnt from the troubled journey of the pDCD towards legislative approval.
P. Giliker (*)
University of Bristol, Bristol, UK
e-mail: paula.giliker@bristol.ac.uk

https://doi.org/10.1007/978-3-030-25579-4_14
300 P. Giliker
1 Introduction
On 9 December 2015, the European Commission tabled a proposal for a directive

on contracts for supply of digital content to consumers (pDCD or Directive).1 The
proposal is for a single set of rules covering contracts for the sale of digital content
(i.e. when consumers buy music, films, e-books or applications), for rental of digital
content (i.e. when consumers watch a movie online, but do not download a copy),
as well as contracts for digital services (i.e. cloud computing and social media).
Such a proposal has much to commend it. It is part of the Commission’s Digital
Single Market Strategy that aims to reduce barriers and offer more opportunities for
consumers and businesses to contract across European Union (EU) borders in a
legal, safe, secure and affordable way.2 Such steps, in the Commission’s estimation,
could contribute €415 billion per year to economic growth, boosting jobs, competi-
tion, investment and innovation in the EU.3 It is also consistent with the Commission’s
2018 New Deal for Consumers strategy4 which expressly acknowledged that the
digital contracts proposals are “a central element of the Digital Single Market strat-
egy aiming to modernise consumer contract rules for the supply of digital content.”5
The Commission therefore urged that:
Considering the importance of these proposals in order to provide consumers with clear and
effective rights when accessing digital content and to ensure that both consumers and busi-
nesses can rely on uniform and effective rules across Europe, … the European Parliament
and the Council … ensure the rapid adoption of these proposals.
One of the reasons for urgency on this matter is that rules on the supply of digital
content are generally absent in European private law systems. While the United
Kingdom chose to legislate in this area in the Consumer Rights Act 2015,6 it is
unique in this respect. Ireland, which had intended to follow the lead of the UK and
had drafted its own Consumer Rights Bill, put this on hold when the 2015 proposal
was introduced.7 Other States such as Germany and the Netherlands have extended
the scope of existing contract rules to include sale of digital content, but States such
as France and Poland have at present no explicit rules relating to the supply of digi-
tal content. There is therefore a gap (a) which needs to be filled in this fast-moving
area of law (the Commission has found that the value of retail e-commerce in the
1
Proposal for a Directive of the European Parliament and of the Council on certain aspects con-
cerning contracts for the supply of digital content COM (2015) 634 final.
2
Economic and Social Committee and the Committee of the Regions: A Digital Single Market
Strategy for Europe, COM (2015) 192 final.
3
https://ec.europa.eu/commission/priorities/digital-single-market_en.
4
Communication from the Commission to the European Parliament, the Council, and the European
Economic and Social Committee: A New Deal for Consumers, Brussels, 11.4.2018 COM (2018)
183 final.
5
Ibid., p. 2.
6
See Giliker (2017a), Willett (2018) and Samuels (2016).
7
Kelly (2018).
14 Adopting a Smart Approach to EU Legislation: Why Has It Proven So Difficult… 301
European Union grew by 13.4% in 2014 reaching a total of €370 billion8), (b) where
both businesses and consumers would benefit from greater certainty and clarity of
their respective rights and (c) where, unusually, there is limited potential to clash
with domestic law in that it does not generally exist. The main exception to (c)—the
United Kingdom—obviously becomes of limited relevance in the light of Brexit.
The Commission reported in 2015 that at least 70 million consumers had experi-
enced one or more problems with just four popular types of digital content (music,
anti-virus, games and cloud storage) over the last 12 months and yet only 10% of
consumers experiencing problems received remedies. As a result of these unre-
solved problems, consumers in the EU have suffered financial and non-financial
detriment estimated at around €9–11 billion.9 Businesses equally are being affected
by consumer reluctance to incur the risks of contracting online; the Commission
estimating that if consumers were reassured it could create a market of up to 70 mil-
lion online cross-border buyers.10
Why, then, did it take until 2019 for the Council of the EU to announce that
agreement had been reached on the text of the Directive? If there is a need for law
in this area, obvious benefits to consumers, little or no conflict with the private law
provisions of individual Member States, what, then, was the reason for this delay?
The tale of the pDCD is one that takes us into EU consumer and private law policy
and highlights the real difficulties of legislating in the digital age. With Directive
2019/770/EU on certain aspects concerning Contracts for the Supply of Digital
Content and Digital Services (DCSD) finally coming into force on 11 June 2019, it
is timely to reflect on what lessons can be learnt from the delays and debates in this
particular area of law. Why has it proven so hard to legislate on contracts for the
supply of digital content?
2 W
hat Are Contracts for the Supply of Digital Content
and Why Is Legal Intervention Needed?
The case for legal intervention in this area of law is hard to dispute. Indeed, it is dif-
ficult to identify a clearer example where an agreed framework at a European level
would be advantageous to deal with a situation affecting every EU state where con-
sumers need greater protection and businesses greater clarity. It is also an area of
contract law that is under-developed and under-theorised.11 Traditional codified sys-
tems of contract law inevitably struggle to respond to the demands of new
8
Communication from the Commission to the European Parliament, the Council and the European
Economic and Social Committee, Digital Contracts for Europe—Unleashing the potential of
e-commerce, COM (2015) 633 final.
9
European Commission, ‘EU Fact Sheet: Digital Contracts for Europe’ (December 2015), p. 2.
10
Ibid.
11
Although the proposed Directive has encouraged literature in this field, see, for example, Schulze
et al. (2017), de Franceschi (2016), Grundmann (2017) and Claeys and Terryn (2017).
302 P. Giliker
technology,12 raising fundamental issues such as how to classify such contracts—is

“data” a product? Is “cloud computing” which permits the consumer to access the
supplier’s server via the internet a service or even a rental contract?—what stan-
dards of performance are expected and indeed what remedies are appropriate?
Remedies honed to respond to the sale of physical (tangible) items do not necessar-
ily translate well into the digital marketplace. Further, it is often unclear whether
these new forms of contracting fall within existing legislation.13 The Product
Liability Directive 85/374/EEC14 provides a good example of the issues that can
arise. Art. 2 of this directive defines a product under the directive as a “moveable”—
a term familiar to all civil lawyers, traceable to Roman law, and not wholly unfamil-
iar to common lawyers. When applied, however, to software and intellectual
property generally, there has been confusion; Fairgrieve reporting that in Belgium
legislation expressly excludes intangible products from its implementation of the
directive, while in other jurisdictions the courts have settled that the product in ques-
tion must be a material item.15 The point is that the language of Roman law is ill-
placed to categorise forms of contracting in the twenty-first century. As Howells,
Twigg-Flesner and Wilhelmsson commented recently:
A subject and body of legislation formed in the era of the development of mass consumer
markets for cars and white goods is developing fast and being driven by increased consumer
affluence and technological developments. The service sectors are growing, and the digital
revolution is likely to spawn both new products and new ways of delivering them. This is
the ideal time to review the development of EU consumer law to check that its fundamental
values are fit for purpose.16
The very breadth of the term “digital content” that covers a wide range of items
ranging from the download of music, films, apps, e-books and games, to matters
such as cloud storage and social media services, on-line games, pay-per view access
to films and so on highlights the scale of the problem and the need to provide both
businesses and consumers with a legal framework which reflects the distinctive
needs of this market. The Commission Digital Single Market initiative thus pro-
vides the ideal basis to move forward, building on the first steps taken in this direc-
tion in the Consumer Rights Directive 2011/83/EU (CRD) that expressly
acknowledged that contracts for the supply of digital content should fall within its
12
Of the particular problems raised by digital content contracts, see Helberger et al. (2013) and
Loos et al. (2011).
13
See, for example, the points raised in Bradgate (2010).
14
Council Directive 85/374/EEC of 25 July 1985 on the approximation of the laws, regulations and
administrative provisions of the Member States concerning liability for defective products OJ L
210, 7.8.1985, pp. 29–33.
15
Fairgrieve (2019), pp. 38–40.
16
Howells et al. (2018), p. 1.
scope.17 Art. 2.1 of the pDCD defines “digital content” even more broadly than the
CRD to include data and services.18
3 The 2015 Initiative: A Step Forward?
On 9 December 2015, proposals for two new directives were published with the aim
to harmonise key aspects of contract law relating to online and distance sale of
goods contracts and contracts for the supply of digital content.
(i) The first, and the focus of this chapter, concerned business to consumer con-
tracts for the supply of digital content (the proposed Supply of Digital Content
Directive [pDCD]).19 This covers both digital goods and digital services.
(ii) The second proposal dealt with consumer contracts concerning the online and
other distance sale of goods (the proposed Online Sale of Goods Directive
[pOSG]).20
Both measures involved maximum harmonisation and sought to ensure that
traders in the Internal Market are not deterred from cross-border trading by differ-
ences in mandatory national contract laws, while providing consumers with a higher
level of protection.
It was the pOSG that proved the more controversial proposal. This was always
likely to be the case. The law relating to sale of goods is already highly regulated at
national level, with additional EU intervention.21 Any new measures were therefore
likely to give rise to friction and contradiction with rules at a national level; a factor
accentuated by making the directive one of maximum harmonisation. Further, the
decision to confine intervention to distance contracts proved unpopular with
17
Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on
consumer rights, OJ L 304, 22.11.2011, pp. 64–88, recital 19. It also attempted a definition of digi-
tal content as “data which are produced and supplied in digital form, such as computer programs,
applications, games, music, videos or texts, irrespective of whether they are accessed through
downloading or streaming, from a tangible medium or through any other means”: recital 19. See
also Art. 2(11), CRD.
18
Art. 2.1, pDCD: “(a) data which is produced and supplied in digital form, for example video,
audio, applications, digital games and any other software, (b) a service allowing the creation, pro-
cessing or storage of data in digital form, where such data is provided by the consumer, and (c) a
service allowing sharing of and any other interaction with data in digital form provided by other
users of the service.”
19
cerning contracts for the supply of digital content Brussels, 9.12.2015, COM (2015) 634 final.
20
cerning contracts for the online and distance sales of goods Brussels, 9.12.2015 COM (2015) 635
final.
21
Notably the Consumer Sales Directive 1999/44/EC of the European Parliament and of the
Council of 25 May 1999 on certain aspects of the sale of consumer goods and associated guaran-
tees, [1999] OJ L 171/12.
304 P. Giliker
b usinesses which deal with customers both face-to-face and online. It was also
likely to be confusing to consumers faced with different rules depending on the
mode of contracting. In October 2017,22 the Commission amended the pOSG to
extend its scope to include face-to-face sales contracts, responding to concerns that
it would prove unworkable in relation to businesses that used more than one channel
for sales (omni-channel distributors).23 The amended directive (pSGD) sought to
provide coherent rules for all sales of goods contracts for the benefit of both busi-
nesses and consumers and to avoid legal fragmentation that would result from the
application of different regimes depending on how the goods were sold. In view of
an overlap with the Consumer Sales Directive 1999/44/EC (CSD), previously sub-
ject to a Regulatory Fitness and Performance Programme (REFIT) Check,24 it was i
proposed that the 1999 Directive would be repealed.25
In contrast, the reaction to the pDCD was generally warm. This is not surprising
given its aim to bring certainty and clarity to an area of contracting to which many
modern systems of contract law have been slow to respond, if at all. Nevertheless,
this did not prevent an active debate as to its precise content. Looking at the basic
structure of the pDCD, we can identify four main characteristics26:
• For a digital contract to be included in its scope, it must either provide for a price
to be paid by the consumer, or the consumer must provide personal data or other
data in exchange (Art 3);27
• With regard to criteria for determining the conformity of the businesses’ perfor-
mance, the Directive gives preference to the text of the contract over objective
criteria for assessing quality (Art. 6);
22
Amended proposal for a Directive of the European Parliament and of the Council on certain
aspects concerning contracts for the online and other distance sales of goods, amending Regulation
(EC) No 2006/2004 of the European Parliament and of the Council and Directive 2009/22/EC of
the European Parliament and of the Council and repealing Directive 1999/44/EC of the European
Parliament and of the Council, Brussels, 31.10.2017 COM (2017) 637 final—2015/0288 (COD).
23
For criticism, see Smits (2016) and Beale (2016b). See also Remáč (2016).
24
European Commission Staff Working Document, Report of the Fitness Check on Directive
1999/44/EC of the European Parliament and of the Council of 25 May 1999 on certain aspects of
the sale of consumer goods and associated guarantees, Brussels, 23.5.2017, SWD(2017) 209 final.
25
There is, however, no overlap with the Consumer Rights Directive 2011/83/EU (CRD)—the
intention is that the pSGD will supplement the CRD and that they will function in a complemen-
tary manner. The CRD mainly includes provisions on pre-contractual information requirements,
the right of withdrawal from distance and off-premises contracts and rules on delivery of goods and
passing of risk, while the pSGD lays down rules on the conformity of the goods with the contract,
the remedies available to consumers in the event of a lack of conformity and the modalities for the
exercise of those remedies.
26
See also Art. 1 that defines the subject matter of the Directive.
27
Art. 3(1): “This Directive shall apply to any contract where the supplier supplies digital content
to the consumer or undertakes to do so and, in exchange, a price is to be paid or the consumer
actively provides counter-performance other than money in the form of personal data or any other
data.” The directive, therefore, does not apply to digital content provided free of charge.
• The Directive introduces a “hierarchy of remedies”, meaning that the consumer

may not terminate the contract and demand a refund upfront, but must give the
business a “second chance” (Art. 12);
• While the right to terminate is limited, rules do exist for termination of the con-
tract immediately when the supplier failed to supply the digital content28 and for
the termination of long-term (over one year) contracts for the supply of digital
content (Arts. 11 and 16).
Art. 4 of the pDCD provides that it will be a maximum harmonisation measure
with Member States not able to maintain or introduce provisions diverging from
those laid down in this Directive, including more or less stringent provisions. The
aim is to provide a set of harmonised contract law rules which will make it easier for
businesses to offer digital content cross-border, while consumers will benefit and
gain confidence from a set of clear rights that address the problems they face with
contracts for the supply of digital content. The pDCD is not, however, engaging in
full harmonisation. It leaves to national law issues such as the formation and validity
of contracts, the legality of the content and related issues such as the obligations of
the consumer towards the supplier of digital content and the laws governing limita-
tion or prescription periods.29 It also does not determine whether the contract will be
considered as sales, services, rental or sui generis contract, leaving this to Member
States (despite recognising this as a specific problem creating uncertainty in its
Explanatory Memorandum).30
The aim, therefore, is to focus on a specific problem: the absence of a clear reme-
dial framework for consumers raising matters of non-conformity and failure to sup-
ply under contracts for the supply of digital content. Art. 6(1) focuses on the quantity,
quality, duration, version, functionality, interoperability and other performance fea-
tures such as accessibility, continuity and security—qualitative standards attuned to
the needs of digital contracts—in addition to more traditional concerns of being fit
for any particular purpose for which the consumer requires it. Remedies equally
take account to a certain extent of the particular needs of digital content, although
the starting point is the hierarchy of remedies found in the CSD: in the case of a lack
of conformity with the contract, the consumer shall be entitled to have the digital
content brought into conformity with the contract free of charge, unless this is
impossible, disproportionate or unlawful.31 The right to terminate is limited, as
28
Art. 5(2) provides that the supplier shall supply the digital content immediately after the conclu-
sion of the contract, unless the parties have agreed otherwise.
29
See Art 3(9) pDCD. These are not inconsiderable gaps, although contract is defined at Art. 2(7).
Such matters would seem to be excluded to reduce intrusion into national contract law. Note also
that Art. 3 excludes certain specified types of contracts which are regulated elsewhere.
30
Mak (2016) argues that this is likely to lead to fragmentation and confusion, especially for con-
sumers and SMEs. She recommends that the rules should be transposed into national laws as a
separate set of rules for digital content contracts, similar to the approach taken in the UK Consumer
Rights Act 2015: pp. 12–13. See also Lehmann (2016), p. 767.
31
Art. 12(1) pDCD.
306 P. Giliker
indicated above,32 but when available, Art. 13 makes express provision for the mea-
sures needed when ending a contract for digital content, particularly where the con-
sumer has provided personal data to the supplier. Art. 16 also provides for a new
right to terminate in relation to long term contracts33 with the consumer entitled to
terminate the contract any time after the expiration of the first 12 months period.
Art. 14 further provides for a rather ill-defined action for damages for “any eco-
nomic damage to the digital environment of the consumer caused by a lack of con-
formity with the contract or a failure to supply the digital content.”
Given this clear framework, why, then, has agreement on these provisions proven
so difficult to achieve?
4 Legislating on New Technology: Lessons To Be Learnt
This section will identify four main reasons why the introduction of the pDCD has
been delayed and seek to draw out lessons to be learnt from this experience. Two
crucial developments post-2015 must first be noted:
(1) On 8 June 2017, the Council of the EU (Council) adopted a position on the
Directive setting out new rules for business-to-consumer contracts for the sup-
ply of digital content and digital services.34 This was a response to debates both
internally (within the European Parliament and Council) and externally (input
from academics/practitioners/interest groups). A compromise text was pro-
posed to establish “a well-balanced regime of a high level of consumer protec-
tion and the creation of a business-friendly environment for EU entrepreneurs
… [and to provide] for a delicate balance between the different positions of
Member States.”35 (The 2017 General Approach).
(2) On 29 January 2019, Council and European Parliament negotiators agreed on a
compromise package which would include both the pDCD and the pSGD. (The
2019 Compromise Package).36 This followed negotiations started in December
32
See also Arts. 12(3) and (5) pDCD limiting right to terminate for non-conformity.
33
Defined as where the contract provides for the supply of the digital content for an indeterminate
period or where the initial contract duration or any combination of renewal periods exceed 12
months: Art. 16(1).
34
https://www.consilium.europa.eu/en/press/press-releases/2017/06/08/contracts-for-digital-content-
supply/.
35
cerning contracts for the supply of digital content (First reading)—General approach,
Interinstitutional File: 2015/0287 (COD), Brussels, 1 June 2017, p. 3.
36
cerning contracts for the supply of digital content—Confirmation of the final compromise text with
a view to agreement, Interinstitutional Files: 2015/0288(COD) 2015/0287(COD), Brussels, 1
February 2019.
2017, which, from December 2018, included the related proposal for the
pSGD.37
While I do not have the space here to go through all the suggested changes to the
pDCD, some of which merely involved clarification38 and some which did not sur-
vive to the final version, in this section I will highlight key points of tension and why
they led to delays. Four issues, in particular, stand out which will be examined
below. These offer both an indication of the difficulties which the pDCD has faced
in its path towards legislation and matters which are of more general relevance in
drafting legislation in EU private law.
4.1 B
eware of the Company You Keep: The Impact
of the (Online) Sale of Goods Directive
When adopting a proposal for a directive on the supply of digital content on 9

December 2015, the Commission simultaneously adopted a second proposal: on the
online sale of goods. Collectively, these were seen as part of the Digital Market
Strategy pillar to ensure better access for consumers and businesses to online goods
and services across Europe, tackling legal fragmentation in the field of consumer
contract law and low consumer trust when buying online from another Member
State.39 The pDCD was not, therefore, intended to be regarded in isolation, but as
part of a series of measures, including the pOSG.
This has led to two related problems which have delayed the progress of the
Directive. First, there is a crucial overlap between goods sold online and contracts
for the supply of digital content. Consider, for example, the purchase of a DVD or a
smart phone—are they goods or contracts for the supply of digital content? (The
internet of things, indeed, takes this a step further with more objects and devices
connected to digital networks than ever before.40) The terms of the directives are not
identical and so demarcation matters. The Commission intended that the pDCD
would apply to all digital content, independently of the medium used for its trans-
mission. It would include the supply of digital content whether transmitted on a
durable medium, downloaded by consumers on their devices, web-streamed,
allowed access to storage capabilities of digital content and content accessed by use
of social media. It would thus extend to:
… goods such as DVDs and CDs, incorporating digital content in such a way that the goods
function only as a carrier of the digital content. The Directive should apply to the digital
37
The Joint IMCO and JURI committee approved the provisional agreement on 20 February 2019.
38
For example, inserting the term “digital services” into the title of the directive to make it more
obvious that it covers both services and digital content; replacing the word “supplier” with “trader”.
39
See European Commission, Consumer Conditions Scoreboard (2017 edition).
40
Bunz and Meikle (2017), Weber and Weber (2010) and Wendehorst (2017). The internet of things
is not, however, included in the proposal.
308 P. Giliker
content supplied on a durable medium, independently whether it is sold at a distance or in

face-to-face situations, so as to avoid fragmentation between the different distribution
channels.41
This leads, however, to a complicated distinction:

… this Directive should not apply to digital content which is embedded in goods in such a
way that it operates as an integral part of the goods and its functions are subordinate to the
main functionalities of the goods.42 (An example is given of data storage in a car).
Such an approach contrasts with that of UK legislation that deals with goods,
services and supply of digital content within one piece of legislation. Section 16 of
the Consumer Rights Act 2015,43 makes it clear that CDs and DVDs, which most
consumer would assume would be subject to the general protection for sale of
goods, are, in fact, subject to this regime. A distinction, then, is drawn between
goods, and digital content supplied in tangible form, for example on a disk or pre-
loaded onto a device such as a phone or tablet, which would fall within the digital
content provisions. The technical distinction found in the pDCD is one unlikely to
prove popular with consumers and was particularly egregious when the sale of
goods protection envisaged was confined to online sales with different protection
again for face-to-face contracts.
In amending the pOSG in 2017 to cover all types of sale of goods contracts,44 the
intention was that the revised proposal (pSGD) would, together with the pDCD,
contribute to unleashing the potential of the Digital Single Market, with the amended
proposal being a very important part of this package as the sales of goods represents
more than 80% of the total cross-border trade.45 Yet, in so doing, the Commission
caused a further delay towards implementation of the pDCD. In revising the now
pSGD and creating an ongoing debate as to its content, the pDCD was likely to be
caught in the cross-fire. In being linked, therefore, to a controversial proposal, the
fate of the pDCD was to a certain extent entwined with the ability of the Commission
to provide a proposal for sale of goods legislation that would receive approval.
Could the pDCD have gone alone? This, indeed, was contemplated at one stage
and commentators have speculated whether the decision in 2015 to split the propos-
als between two directives was in itself a tactical consideration designed to ensure
that at least one of them would pass should the other be rejected by the Council.46
Yet, the demarcation question continues to haunt these proposals. While the
European Parliament at one time favoured including digital content embedded in a
good within the pDCD, with the good itself (the hardware) governed by the pSGD,
41
Recital 12, pDCD.
42
Recital 11, pDCD (emphasis added). For criticism, see Sein (2017).
43
S.16(1)(a) Consumer Rights Act 2015: Goods include an item that includes digital content. The
Act thus allows for “mixed contracts”. See, further, Giliker (2017b), pp. 121–122.
44
Amended Proposal for a Directive on contracts for the online and other distance sales of goods
COM(2017) 637 final.
45
Impact assessment accompanying the digital contracts proposals, SWD (2015) 274 final, p. 5.
46
Lehmann (2016), p. 771.
Council in 2017 took an opposing view. In its General Approach, Council asserted
its view that embedded digital content should be excluded from the pDCD. This, it
now defined, as “digital content forming part of a good in a way that such good
would be inoperable or would be prevented from performing its main functions in
the absence of such digital content.”47 The 2019 Compromise Package indicates
agreement that products with a digital element (for example, smart fridges) would
be regulated only through the sale of goods directive. In recitals 12–12(a) and 20, it
clarifies that to meet the expectations of consumers and ensure a clear-cut and sim-
ple legal framework for suppliers of digital content, the pDCD would apply:
• To digital content which is supplied on a tangible medium, such as DVDs, CDs,
USB sticks and memory cards, as well as to the tangible medium itself, provided
that the tangible medium functions only as a carrier of the digital content. The
pSGD should apply to contracts for the sale of goods, including goods with digi-
tal elements (that is, goods that incorporate or are inter-connected with digital
content or a digital service in such a way that the absence of that digital content
or digital service would prevent the goods from performing their functions). This
will cover goods such as smart TVs and smart watches.
• Where digital content or digital services are combined with the provision of
goods or other services and offered to the consumer within the same contract
comprising a bundle of different elements (bundle contracts), for example, the
provision of digital television and the purchase of electronic equipment, the
pDCD should only apply to the elements of the overall contract which consist of
the supply of digital content or digital services. The other elements of the con-
tract should be governed by the rules applicable to those contracts under national
law or, as applicable, other Union laws governing a specific sector or subject
matter.
One might express doubts whether these rather complicated provisions resolve
all the issues raised in this section.
4.2 H
ow Innovative Do You Want To Be? The Problem
of Engaging with New Technology
This takes me to the second issue which has arisen in this context: innovation. The
Directive seeks to cater for fast technological developments, take account of the
nature of digital content, and meet the expectations of consumers, while ensuring a
clear-cut and simple legal framework for suppliers providing measures which are
future-proof.48 Nevertheless, as Merdi has noted, the pDCD and pOSG were put
forward in 2015 as “modified” proposals to replace the earlier proposal for a
47
2017 General Approach (n 35), p. 5.
48
See, for example, Recitals 11 and 12 to pDCD.
310 P. Giliker
Common European Sales Law (CESL).49 Thus, looking at the pDCD, we can see
that it remodels to a certain extent the sales of goods provisions in CESL and the
CSD, focussing on non-conformity and remedies for non-conformity.50 This has
not, however, been wholly successful. Commentators have noted that the supply of
digital content may raise issues beyond those normally found in sale of goods con-
tracts. A simple example may be found in Art. 3 of the pDCD. This recognises the
value of personal data as a form of payment in modern business practice,51 but has
given rise to questions as to which types of personal data it covers,52 and to what
extent there may be a potential conflict with the EU’s own data protection legisla-
tion, notably the General Data Protection Regulation.53 The revised form of Art. 3 in
the 2019 Compromise Package again struggles to find a form of wording which
succinctly resolves this problem.54 There is a danger, therefore, of paying insuffi-
cient attention to the nature, value and potential abuse of data and the fact that per-
sonal data is regulated elsewhere.55 Hoekstra and Diker-Vanberg observe that the
origins of the initiative prove in practice a weakness with a failure to focus on the
particular context of digital contracts.56 By seeking to engage with new forms of
exchanges, the pressure mounts on the legislator to produce legislation which is
reflective of market practices and consider other forms of regulation (notably those
which derive from the EU itself!)
Further examples of the difficulties of drafting provisions based on traditional
sale of goods law principles but adapted to new technology may be found, but the
49
Prastitou Merdi (2017), p. 126. See also Grundmann and Hacker (2017) who, at p. 289, describe
the directives as “a continuation of the Common European Sales Law (CESL) with other means,
and with a different scope.”. See Proposal for a Regulation of the European Parliament and of the
Council on a Common European Sales Law COM (2011) 635 final.
50
Lehmann (2016), for example, comments that the provisions of the pDCD at times simply para-
phrase the rules of the Consumer Sales Directive: at 759–760. CESL made express provision for
criteria for conformity of goods and digital content: Art. 100.
51
Contrast the UK Consumer Rights Act 2015 (s.33(1),(2)) which chose to avoid this issue entirely,
but has been criticised as out of tune with modern forms of contracting: see Mak (2016), p. 10. See
also Schulze and Staudenmayer (2016), p. 32: personal data is increasingly becoming a substitute
currency.
52
Spindler (2016), pp. 191–194. He noted that the scope of application regarding digital content
provided in exchange for data was not defined in a precise way and could lead to practical prob-
lems in interpretation.
53
movement of such data OJ 4.5.2016 L 119/1. Note, for example, comments by the European Data
Protection Supervisor in March 2017: Option 4/2017, Document 7369/17.
54
Article 3(1): “This Directive shall also apply where the trader supplies or undertakes to supply
digital content or a digital service to the consumer and the consumer provides or undertakes to
provide personal data to the trader, except where the personal data provided by the consumer is
exclusively processed by the trader for supplying the digital content or digital service in accor-
dance with this Directive or for the trader to comply with legal requirements to which the trader is
subject, and the trader does not process this data for any other purpose.”
55
Grundmann and Hacker (2017), pp. 289–291.
56
Hoekstra and Diker-Vanberg (2019).
key point here is that the two approaches do not mix well. Seeking to provide “future
proof” legislation, while adapting core principles from the CSD and CESL, was
always going to be problematic and so it proved to be. It begs the fundamental ques-
tion whether the methodology underlying the Directive is, in fact, flawed and the
Commission should, in fact, have taken more time to focus on how to legislate in
this area of law rather than opting for the quick and, at face value, easier option of
simply adapting pre-existing legislative proposals to this new context. Innovation is
not easy and short-cuts rarely prove to be satisfactory in practice.
4.3 C
onsumer Protection and Maximum Harmonisation:
A Match Made in Heaven?
The pDCD then represented an attempt at a compromise: a traditional focus on

conformity and consumer remedies, but one attuned to the question of digital con-
tent. In so doing, it sought to provide a high level of consumer protection with maxi-
mum harmonisation ensuring that consumer rights are available at the same level
across all Member States. Yet, maximum harmonisation comes at a price—it pre-
cludes Member States from providing any greater or lesser protection than that
stated in the Directive. There is a danger, then, that in “capping” consumer protec-
tion, some consumers might be left with less protection than currently exists in their
Member State. Three particular measures would seem to leave the Commission
open to accusations of reducing consumer protection:
• Art. 6 that gives preference to the text of the contract over objective criteria for
determining the conformity of the businesses’ performance
• Art. 14 giving a right to damages for economic damage to the digital environ-
ment of the consumer caused by a lack of conformity with the contract or a fail-
ure to supply digital content.
• Arts. 11–16. restricting the ability of Member States to permit termination of the
contract.
Article 14 can be dealt with straightaway. As a maximum harmonisation measure
governing damages for economic loss in this specific context, arguably it prevents
Member States from permitting recovery for consequential loss.57 In the face of
criticism, such a provision was soon abandoned in the 2017 General Approach.
Art. 6 on conformity seeks, as stated above, to provide provisions suited for digi-
tal content. Controversially, however, it provides at Art. 6(2) that an objective
approach to conformity would only apply to the extent that the standards of quality,
duration, functionality, etc. are not stipulated in a clear and comprehensive manner
by the parties to the contract. In other words, priority is given to contractual auton-
omy. Spindler has argued that, faced with a test that makes no attempt to benchmark
57
See Beale (2016a), pp. 22–24; Mak (2016), pp. 26–27.
312 P. Giliker
the reasonable expectations of consumers, it is unlikely that Art. 6 pDCD would

actually improve the level of consumer protection for digital content in that it leaves
the contract’s content almost entirely to parties’ individual stipulations and consum-
ers vulnerable to disadvantageous provisions in standard term contracts.58 The
assessment by the European Law Institute in 2016 agreed:
This would allow the trader to set its own minimum standard in the terms and conditions,
provided that the terms are in plain and intelligible language. Consumers are most unlikely
to read the terms and conditions before making the contract, so they may not notice that
what is to be supplied may be of a much lower standard than the consumer reasonably
expects. The words quoted are therefore dangerous, and also unnecessary. They should be
deleted.59
The 2017 General Approach of Council responded to a certain extent to these

arguments, choosing to opt for a mix of subjective (agreed in the contract) and
objective (stipulated by law) criteria, while still allowing parties to contract out of
the objective criteria, provided that this is done at the time of conclusion of the con-
tract, and the consumer is specifically informed about any deviations from the
objective conformity requirements and he expressly and separately agrees to those
deviations.
The 2019 Compromise Package sets out expressly that, to ensure that consumers
are not deprived of their rights, e.g. where the contract sets very low standards, the
digital content or digital service should not only comply with the subjective require-
ments for conformity, but should in addition comply with objective requirements
for conformity set out in the Directive, looking, inter alia, at the purpose for which
digital content or digital services of the same type would normally be used. It should
also possess the qualities and performance features which are normal in digital con-
tent or digital services of the same type and which consumers may reasonably
expect, given the nature of the digital content or digital service and, considering any
public statements on the specific characteristics of the digital content or digital ser-
vice made by or on behalf of the trader or other persons in earlier links of the chain
of transactions.60
The Art. 6 saga highlights the difficulties of matching high standards of con-
sumer protection with the desire of businesses to control the content of contracts to
ensure greater predictability. In choosing maximum harmonisation, this measure
was always going to attract scrutiny and concern from the consumer lobby and
indeed it did. The compromise reached demonstrates that the Commission has taken
these concerns on board, albeit after a considerable delay and redraft of Art. 6 itself.
Similar controversy has arisen in relation to the right to terminate the contract.
Again, the idea was to adapt measures previously seen in the CSD and CESL to the
context of contracts for the supply of digital content. The approach taken by the EU
in the CSD was to adopt a hierarchical structure having as its central drive repair and
replacement of goods. This clashes with the approach dominant in common law
58
Spindler (2016), p. 199.
59
ELI (2016), p. 4.
60
Recital 25. See now Art. 8 DCSD Objective requirements for conformity.
systems whereby “[t]he buyer’s first and primary remedy for a breach of contract by
the seller is to reject the goods, and, if appropriate, to repudiate the contract”.61 It is
also an approach that limits consumer choice. Nevertheless, the pDCD adopted this
approach, albeit with some signs of innovation in that provision is made for a right
to terminate where (a) the supplier is liable to the consumer under Art. 5 for failure
to supply digital content (Art. 11), (b) as a last resort for lack of conformity (Arts.
12(5) and 13) and (c) under a long term contract (Art. 16). These latter provisions
are directed at the consumer and seek to use termination as a way to strengthen the
position of the consumer in the marketplace.
It is interesting that here innovation has faced criticism of inconsistency with the
hierarchy of remedies approach.62 The 2017 General Approach accepted that, to
preserve both the interests of consumers and suppliers, suppliers should instead be
allowed a “second chance” in case of lack of supply before the contract can be ter-
minated, although it did suggest on non-conformity, that more flexibility for the
implementation at national level could be achieved by setting out the conditions for
the use of the different remedies rather than establishing a strict hierarchy between
the different remedies.
The 2019 Compromise Package builds on this. Art. 11 is completely revised.
Article 11: Remedy for the failure to supply
1. Where the trader has failed to supply the digital content or digital service in accordance
with Article 5, the consumer shall call upon the trader to supply the digital content or
digital service. If the trader then fails to supply the digital content or digital service
without undue delay, or within an additional period of time as expressly agreed to by the
parties, the consumer shall be entitled to terminate the contract.
2. Paragraph 1 shall not apply and the consumer shall be entitled to terminate the contract
immediately where: (a) the trader has declared, or it is equally clear from the circum-
stances, that the trader will not supply the digital content or digital service; or (b) the
consumer and the trader have agreed, or it is clear from the circumstances attending the
conclusion of the contract, that a specific time for the supply is essential for the con-
sumer and the trader fails to supply the digital content or digital service by or on that
time
Compromises, it would seem, are wordy; the previously succinct 28 words now
extended to 167. As was found with the Consumer Rights Act 2015, lengthy statu-
tory provisions rarely assist clarity for consumers.63 The “second chance” philoso-
phy, however, would now seem to be an inherent part of the remedial framework of
the directive, despite the fact that consumer groups, such as BEUC, have opposed
such a move.64 Further Art. 16 is no more. This potentially innovative provision that
sought to stimulate competition by enabling consumers to switch between suppli-
ers65 has been deleted in the face of criticism that it lacked clarity and might lead to
61
Twigg-Flesner et al. (2016), p. 435. See also Miller (2011), p. 77.
62
See, for example, the November 2017 report of the Committee on Legal Affairs and Committee
on the Internal Market and Consumer Protection.
63
Whittaker (2016).
64
BEUC (2018), p. 5.
65
Recital 46 to pDCD.
314 P. Giliker
unintended consequences such as increased cost of digital content and service.66 No

doubt this is a considerable relief to the business lobby, but does indicate tension
inherent in the Directive between the needs of consumers and businesses. Dropping
this provision at this stage is a clear indication of the desire to move forward with
this Directive, albeit to some extent at the expense of the consumer.
4.4 Time Limits: To Have or Have Not?
Art. 9 of the pDCD places the burden of proof for conformity with the contract on
the supplier, unless the supplier can show that the digital environment of the con-
sumer is not compatible with interoperability and other technical requirements of
the digital content and where the supplier informed the consumer of such require-
ments before the conclusion of the contract.67
This measure is justified on the basis that it reflects the supplier’s deemed supe-
rior knowledge in matters of a technical nature. The key point here is that there is no
time limit. Art. 10 confirms that the supplier shall be liable for any failure (a) to
supply the digital content; (b) lack of conformity which exists when the digital con-
tent is supplied; and (c) where the contract provides for supply over a period of time,
any lack of conformity during that period. Contrast Art. 5(1) of the CSD that pro-
vides for liability where the lack of conformity becomes apparent within 2 years as
from delivery of the goods.68 Recital 43 explains that this is because by its nature
digital content is not subject to wear and tear while being used and is often supplied
over a period of time rather than as a one-off supply. National prescription rules
will, however, apply. These are not subject to harmonisation. There will therefore be
variation in the period of applicability of the conformity requirement which is far
from ideal in a maximum harmonisation directive.
Mak has enquired why there is no time limit and on what basis it can be held
necessary to hold the supplier to a reversed burden of proof for an indefinite time.69
Compatibility problems, she argues, often become apparent fairly soon after the
installation of the content—to what extent, realistically then, are latent issues aris-
ing long after supply going to be an issue in the digital market? Are not such issues
more likely to be because of external changes to the digital environment?
It cannot be a great surprise that Mak was correct in predicting that this would
prove a sticking point for Member States. Spindler also noted that the absence of
time limits for remedies would actually lead to discrepancies between Member
66
Hoekstra and Diker-Vanberg (2019), Sect. 2.2.3.
67
However, Art. 9(3) provides that the consumer must cooperate with the supplier to the extent
possible and necessary to determine the consumer’s digital environment. The obligation to cooper-
ate is limited to the technically available means which are the least intrusive for the consumer.
68
S.42(9) of the UK Consumer Rights Act 2015 also provides for a six month reversed burden of
proof for non-conformity.
69
Mak (2016), p. 20.
States, as national prescription periods would apply leading to fragmentation and

diversity.70 Such a measure was also inconsistent with provisions in the pOSG.71
In 2017, Council bowed to the inevitable and announced that it would consider
differences at national level. The new approach did not fully harmonise prescription
or guarantee periods, but stipulated that the liability of the supplier for cases of lack
of conformity may not be shorter than 2 years. The period for the reversal of the
burden of the proof would be set at one year. Council noted that this was a compro-
mise between delegations who preferred a short period and those who wished to
align this with the limitation of liability.
In the 2019 compromise text, Art. 10 (previously 9) adds that:
1a. In cases referred to Article 9(2), the burden of proof with respect to whether the supplied
digital content or digital service was in conformity at the time of supply shall be on the sup-
plier for a lack of conformity which becomes apparent within a period of one year from the
time when the digital content or digital service was supplied.
Art. 9(2) [previously Art. 10] again casts aside brevity in favour of complicated
compromise:
Where a contract provides for a single act of supply or a series of individual acts of supply,
the trader shall be liable for any lack of conformity under Article 6, 6a, and 7, of the digital
content or digital service which exists at the time of supply, without prejudice to Article
6a(1a)(b).
If, under national legislation, the trader is only liable for any lack of conformity that
becomes apparent within a period of time after supply, that period shall not be less than two
years from the time of supply, without prejudice to Article 6a(1a)(b).
If, under national legislation, the rights laid down in Article 12 are also subject or only
subject to a limitation period, Member States shall ensure that such limitation period allows
the consumer to exercise the remedies laid down in Article 12 for any lack of conformity
that exists at the time indicated in the first subparagraph and becomes apparent within the
period of time indicated in the second subparagraph.
In confirming the compromise reached in 2017, one might nevertheless have

hoped for less convoluted wording in this respect!
What this final example demonstrates, however, is the importance of placing
European initiatives in a national context. Faced with distinct prescription periods
engrained in national legal systems, but also real concerns about an unprecedented
reversed burden of proof without any time restriction, this part of the directive
became a ready target for opposition and debate. Here, innovation was always going
to meet opposition. To expect otherwise was to ignore the context in which this
maximum harmonisation directive arose. Equally, to contradict the position taken in
the pOSG was a step bound to invoke controversy.
70
Spindler (2016), p. 213: “quite the opposite of a European harmonization”.
71
See now Art. 8(3) pSGD: “Any lack of conformity with the contract which becomes apparent
within two years from the time indicated in paragraphs 1 and 2 is presumed to have existed at the
time indicated in paragraphs 1 and 2 unless this is incompatible with the nature of the goods or
with the nature of the lack of conformity.”
316 P. Giliker
5 An Agreed Package: An Easter Surprise
On 15 April 2019, the Council of the EU announced that it had adopted a package
comprising of a directive for the supply of digital content and services and one on
contracts for the sale of goods and that this would mark the end of the legislative
procedure.72 Following Council approval, directives on contracts for the supply of
digital content and services and the sale of goods were adopted and brought into force
on 11 June 2019.73 Member States have until July 2021 to transpose the measures into
national law. Both directives bear the scars of the legislative process and exhibit a
limited resemblance to their 2015 predecessor. For the DCSD, the term “digital ser-
vice” is far more prominent, and in the title of the directive. Goods “with digital ele-
ments” are now defined in the body of the Directive.74 Suppliers are now “traders”.75
While here is not the place for a detailed dissection of the DCSD, we see refinements
to Art. 3 (scope) and Art. 5 (supply of the digital content or digital service); but, as
expected, more radical changes to conformity (now Arts. 6,76 7,77 878 and 979), burden
of proof (now Art. 12),80 liability of the trader (now Art. 11)81 and remedies (see Art.
13 which maintains the revised remedy for failure to comply with Art. 582 and
72
Press release, ‘EU adopts new rules on sales contracts for goods and digital content’ 15 April
2019.
73
Directive (EU) 2019/770 of the European Parliament and of the Council of 20 May 2019 on
certain aspects concerning contracts for the supply of digital content and digital services OJ L
136/1, 22.5.2019, pp. 1–27 and Directive (EU) 2019/771 of the European Parliament and of the
Council of 20 May 2019 on certain aspects concerning contracts for the sale of goods, amending
Regulation (EU) 2017/2394 and Directive 2009/22/EC and repealing Directive 1999/44/EC OJ L
136/28, 22.5.2019, pp. 28–50.
74
Art. 2(3) as “any tangible movable items that incorporate, or are inter-connected with, digital
content or a digital service in such a way that the absence of that digital content or digital service
would prevent the goods from performing their functions.”
75
Art. 2(5).
76
The trader shall supply to the consumer digital content or a digital service that meets the require-
ments set out in Articles 7, 8 and 9, where applicable, without prejudice to Article 10.
77
Subjective requirements for conformity.
78
Objective requirements for conformity, stated to be in addition to complying with any subjective
requirement for conformity.
79
Incorrect integration of the digital content or digital service.
80
Art. 12(2): “the burden of proof with regard to whether the supplied digital content or digital
service was in conformity at the time of supply shall be on the trader for a lack of conformity which
becomes apparent within a period of one year from the time when the digital content or digital
service was supplied.”
81
Art. 11(2): “If, under national law, the trader is only liable for a lack of conformity that becomes
apparent within a period of time after supply, that period shall not be less than two years from the
time of supply, without prejudice to point (b) of Article 8(2).”
82
Art. 13(1): “Where the trader has failed to supply the digital content or digital service in accor-
dance with Article 5, the consumer shall call upon the trader to supply the digital content or digital
service. If the trader then fails to supply the digital content or digital service without undue delay,
or within an additional period of time, as expressly agreed to by the parties, the consumer shall be
entitled to terminate the contract.”
Art. 14),83 with complex termination provisions (Arts. 15–18) now including express
reference to the General Data Protection Regulation 2016/679. The DCSD bears all
the hallmarks of a compromise. It is one admittedly that has finally achieved suffi-
cient agreement to complete the legislative process, but for those familiar with the
2015 proposal, the scars are self-evident. It is not clear also that all the issues con-
cerning interpretation highlighted in this paper have been resolved, but that is an
argument for another day
6 Conclusion
What conclusions, then, can we draw from the attempt to introduce a new maximum
harmonisation directive on contracts for the supply of digital content? The auguries
were good. This was an area of law in which consumers felt vulnerable and busi-
nesses faced uncertainty and the Commission had data to support the need for inter-
vention. Equally, because of a general absence of specialist legislation in Member
States, the proposals were unlikely to meet the kind of opposition generated when
the EU seeks to overturn rules of law developed over centuries and encapsulated in
an iconic civil code. Faced with a demand for change, evidenced by the UK legislat-
ing in this area and other States contemplating the need for national legislation, it
appeared that this would be a proposal that was likely to receive considerable sup-
port and a fairly painless path to implementation.
As this chapter has shown, this has not been the case. It has taken two “compro-
mises” and a further redraft before the Directive on contracts for the supply of digi-
tal content completed the legislative process. Ireland, which held back on following
the UK approach in 2015 under the assumption that EU law was imminent, has had
a long wait to legislate in this field.
In this chapter, I have tried to draw out lessons to be learnt from this process. The
first, and most obvious, is that drafting legislation in a fast-moving area of law is
never going to be easy. As Grundmann and Hacker have recently argued, the pDCD
went well beyond known territory:
… digital content is about the problem of an object of the contract which poses consider-
ably or even completely new problems in large quantity: namely non-rivalrous and/or
nonexcludable use of the good and questions of compensation; alternative modes of com-
pensation (namely giving personal data instead of monetary payment); services which have
strong IP implications, but as well network effects, etc. Digital contents pose these new
problems to a degree that seem to open a truly new dimension of object of contract and
questions of performance.84
83
Remedies for lack of conformity. Art. 14(1) provides that “In the case of a lack of conformity, the
consumer shall be entitled to have the digital content or digital service brought into conformity, to
receive a proportionate reduction in the price, or to terminate the contract, under the conditions set
out in this Article.” There are changes, note, in particular, new Art. 14(4)(d): “the lack of confor-
mity is of such a serious nature as to justify an immediate price reduction or termination of the
contract” (see also recital para. 65).
84
Grundmann and Hacker (2017), p. 262.
318 P. Giliker
In seeking to future-proof legislation, the Commission faced the challenge of

catering for fast technological development and a wide range of types of contracts,
including computer programmes, applications, video files, audio files, music files,
digital games, e-books or other e-publications, and also digital services which allow
the creation, processing, access to or storage of data including software-as-a-service
such as video and audio sharing and other file hosting, word processing or games
offered in the cloud computing environment and social media. There can be no
doubt that the Commission underestimated the difficulty of the task it set itself.
Secondly, while the aim of the pDCD was to innovate and adapt contract law to
this new context, this was not undertaken from scratch and the Directive owes much
to its predecessors: the CSD and CESL. This gives rise to an obvious tension within
the final version of the Directive between the desire to innovate and the decision to
adapt previous models of consumer contract law to the specific context of the supply
of digital content. This can be seen, for example, in the desire to place “second
chance” at the heart of the remedial structure of the Directive, at the expense of the
right to terminate, and in the focus on “non-conformity”. Inevitably, the question is
raised of just how “innovative” this Directive wants to be. Examining the response
to the pDCD and the debate which followed, it is worrying also that many of the
more radical proposals (reversed burden of proof with no time limit; right to termi-
nate long-term contracts; even the automatic right to terminate for failure to supply)
that sought to protect consumers in this context have been regarded as sticking
points and abandoned. This does indicate a certain level of desperation to obtain
approval for the provision as a whole and a lack of confidence in the initial drafting
process of the directive. It begs, however, the question whether more time was
needed in drafting the directive to avoid the debate which followed or, at least, to
have the ability to defend innovative provisions.
Maximum harmonisation is also an issue that has caused problems. Essentially,
if such measures are perceived to reduce consumer protection in a number of States,
then any “consumer protection” credentials will be immediately tarnished.85 In
engaging in maximum harmonisation, therefore, the Commission needed to con-
sider (and consult more fully on) the implications for national consumer law.
Further, one cannot ignore matters of procedure, notably the impact of different
national prescription/limitation periods that are not subject to maximum harmonisa-
tion and the risk of fragmentation which may result.
Finally, tying the measure to an even more ambitious project—the online (now
all types of) sale of goods contracts rendered it vulnerable to attack on a number of
fronts—notably for inconsistency with the provisions of the sale of goods proposals
and for a lack of clarity in its demarcation—and rendered it difficult for the pDCD
to sever its fate from that of its more contentious counterpart.
Drafting legislation, then, in this field is not easy. As a UK lawyer, I would cer-
tainly not make any claim that the UK Consumer Rights Act 2015 got it 100% right.86
85
Lehmann (2016), p. 755, more cynically, has asserted from the start that the main motivation
behind the proposals was not the lack of consumer protection provisions at the national level, but
rather the stimulation of the EU economy rendering such concerns inevitable.
86
See my critical assessment: Giliker (2017b).
I would argue, however, that a failure to implement on time legislation in an area of

law where there is a clear demand for intervention should make us pause and reflect.
Recognition is needed that innovation requires consultation to bring stakeholders on
board, that national sensitivities regarding matters such as prescription and con-
sumer welfare need to be appreciated and that the more ambitious the project (inter-
linked directives; maximum harmonisation; new rights to terminate long-term
contracts and so on) the more likely that approval cannot be guaranteed and that
care must be taken in the drafting process. These may seem obvious conclusions to
draw, but, as this chapter has shown, they continue to provide obstacles to legislative
reform. To be blunt, while it is clear that one reason for the delay has been the fail-
ure to embrace fully the difficulties of using traditional consumer law methods in
the context of new technology, this is not the only problem. In particular, I would
argue that this saga raises deeper concerns about the need to draft legislation in a
way that attracts consensus and avoids the detailed debates and dissections which
have met the pDCD. It would seem that offering “an ambitious yet balanced com-
promise between guaranteeing rights for European consumers while creating new
business opportunities for EU companies”87 has not been the straightforward exer-
cise the Commission in 2015 had hoped.
References
Beale H (2016a) Scope of application and general approach of the new rules for contracts in the
digital environment: in depth analysis. European Parliament – Policy Department for Citizen’s
Rights and Constitutional Affairs. PE 536.493
Beale H (2016b) The future of European Contract Law in the light of the European Commission’s
proposals for Directives on digital content and online sales. Revista de Internet, Derecho y
Política, No. 23 (December 2016), pp 1–20
BEUC (The European Consumer Organisation) (2018) Digital Content Directive: key recommen-
dations for the trialogue negotiations. https://www.beuc.eu/publications/beuc-x-2018-003_
digital_content_directive.pdf
Bradgate R (2010) Consumer rights in digital products: a research report prepared for the UK
Department for Business, Innovation and Skills. Institute for Commercial Law Studies,
Sheffield and BIS, London. http://www.bis.gov.uk/assets/biscore/consumer-issues/
docs/c/10-1125-consumer-rights-in-digital-products
Bunz M, Meikle G (2017) The internet of things. Polity Press, Cambridge
Claeys I, Terryn E (eds) (2017) Digital content and distance sales: new developments at EU level.
Intersentia, Cambridge
de Franceschi A (ed) (2016) European Contract Law and the digital single market: the implications
of the digital revolution. Intersentia, Cambridge
European Law Institute (2016) Statement of the European Law Institute on the European
Commission’s Proposed Directive on the supply of digital content to consumers COM (2015)
634 final. https://www.europeanlawinstitute.eu/fileadmin/user_upload/p_eli/Publications/
ELI_Statement_on_DCD.pdf
87
Press Release by European Council, ‘Council and Parliament agree on new rules for contracts for
the sale of goods and digital content’ 29 January 2019, quoting T. Toader, Minister of Justice of
Romania. Romania held the Presidency of the EU from January–June 2019.
320 P. Giliker
Fairgrieve D (2019) Reforming the European Product Liability Directive: Plus ça change, plus
c’est la même chose? JPI Law: 33–40
Giliker P (2017a) The Consumer Rights Act 2015 – A bastion of European consumer rights? Leg
Stud 37:78–102
Giliker P (2017b) Regulating contracts for the supply of digital content: the EU and UK response.
In: Synodinou T, Jougleux P, Markou C, Prastitou T (eds) EU Internet Law. Springer, Cham,
pp 101–124
Grundmann S (2017) European Contract Law in the digital age. Intersentia, Cambridge
Grundmann S, Hacker P (2017) Digital technology as a challenge to European Contract Law. Eur
Rev Contract Law 13:255–293
Helberger N et al (2013) Digital content contracts for consumers. J Consum Policy 36:37–57
Hoekstra J, Diker-Vanberg A (2019) The proposed directive for the supply of digital content: is it
fit for purpose? Int Rev Law Comput Technol 33:100–117
Howells G, Twigg-Flesner C, Wilhelmsson T (2018) Rethinking EU consumer law. Routledge,
Abingdon
Kelly C (2018) Consumer reform in Ireland and the UK: regulatory divergence before, after and
without Brexit. Common Law World Rev 47:53–76
Lehmann M (2016) A question of coherence, the proposals on EU contract rules on digital content
and online sales. Maastricht J Eur Comp Law 23:752–774
Loos M et al (2011) The regulation of digital content contracts in the optional instrument of con-
tract law. Eur Rev Private Law 19:729–758
Mak V (2016) The new proposal for harmonised rules on certain aspects concerning contracts for
the supply of digital content: in depth analysis. European Parliamentary Research Service, PE
536.494
Miller L (2011) The emergence of EU Contract Law. OUP, Oxford
Prastitou Merdi T (2017) The proposed new digital single market contract law directives: a new
start for digital European Contract Law? In: Synodinou T, Jougleux P, Markou C, Prastitou T
(eds) EU Internet Law. Springer, Cham, pp 125–161
Remáč M (2016) Contract rules for online purchase of digital content and tangible goods – part
of digital single market: implementation appraisal briefing. European Parliament PE 573.293
Samuels A (2016) The Consumer Rights Act 2015. JBL: 159–185
Schulze R, Staudenmayer D (eds) (2016) Digital revolution: challenges for contract law in prac-
tice. Nomos, Baden-Baden
Schulze R, Staudenmayer D, Lohsse S (eds) (2017) Contracts for the supply of digital content:
regulatory challenges and gaps. Nomos, Baden-Baden
Sein K (2017) What rules should apply to smart consumer goods: goods with embedded digi-
tal content in the borderland between the digital content directive and normal contract law. J
Intellect Property Inf Technol Electron Commun 8:96–110
Smits JM (2016) New European Union proposals for distance sales and digital contents contracts:
fit for purpose? Zeitschrift für europäisches Privatrecht: 319–324
Spindler G (2016) Contracts for the supply of digital content – scope of application and basic
approach – proposal of the Commission for a directive on contracts for the supply of digital
content. Eur Rev Contract Law 12:183–217
Twigg-Flesner C, Canavan R, MacQueen H (2016) Atiyah and Adams’ sale of goods, 13th edn.
Pearson, Harlow
Weber RH, Weber R (2010) Internet of things: legal perspectives. Springer, Heidelberg
Wendehorst C (2017) Consumer contracts and the internet of things. In: Schulze R, Staudenmayer
D, Lohsse S (eds) Contracts for the supply of digital content: regulatory challenges and gaps.
Nomos, Baden-Baden, pp 189–224
Whittaker S (2016) Distinctive features of the new consumer contract law. Law Q Rev 133:47–72
Willett C (2018) Re-theorising consumer law. Camb Law J 77:179–210
Chapter 15
Consumer Protection on Social Media
Platforms: Tackling the Challenges
of Social Commerce
Christine Riefa
Abstract A growing number of individuals and businesses are using social media
platforms to sell goods and services. Social commerce therefore combines
e-commerce features with the rich social interaction that social media fosters. Social
commerce is a growing phenomenon, but to expand its reach, trust in online plat-
forms and the processes used to transact is essential. Yet, there is convincing evi-
dence that social media sites are increasingly used by fraudsters, a fact that could
rapidly undermine consumer confidence. This chapter explores some key trends as
to how social media platforms are used to advertise and buy/sell consumer goods
and evaluates their compliance with consumer protection laws. It shows some of the
challenges faced by consumers, in particular with the rise of e-commerce scams
perpetrated on social platforms. The article reflects on a range of avenues (including
self regulation, intermediary liability, collective actions, public enforcement) to
improve the protection of users that engage in social commerce or use social plat-
forms more generally.
1 Introduction
The Cambridge Analytica scandal brought to the fore the many dangers that the
unrestricted use of the data collected and circulating on social media platforms1
represents. It is alleged that data mining enabled the manipulation of votes during
1
‘Online platforms come in various shapes and sizes (…). Presently, they cover a wide-ranging set
of activities including online advertising platforms, marketplaces, search engines, social media
and creative content outlets, application distribution platforms, communications services, pay-
ment systems, and platforms for the collaborative economy’. European Commission Communication
COM (2016) 288 final, p. 2. For a more detailed classification, see TNO (2015), p. 10. Also see
Evans and Gawer (2015), p. 9. Also see European Commission (2018), p. 10, par 1.3 which dif-
ferentiates between profile centric platforms and media centric platforms.
C. Riefa (*)
Brunel University, Uxbridge, UK
e-mail: Christine.riefa@brunel.ac.uk

https://doi.org/10.1007/978-3-030-25579-4_15
322 C. Riefa
the US election, as well as swing other elections thanks to fake news2 and other dirty
tricks. But it only touches the surface. Beyond the use of personal data for political
ends, social media platforms harbour a number of further challenges for consumer
protection, many going unnoticed.
A large volume of literature exists concerning social media, mostly focussed on
how to harness it as a marketing outlet. However, very little has been written on
consumer protection aspects and how to protect consumers from scams and pur-
chases gone wrong and other poor market practices. Yet, a growing number of indi-
viduals and businesses are using social media platforms to sell goods and services,
announcing the era of social commerce. Social commerce uses social media tools
and Web 2.0 technologies in electronic commerce.3 Distinct from traditional
e-commerce, which focusses on enhancing the efficiency of online shopping, social
commerce delivers a rich social, interactive and collaborative shopping experience.4
It includes relying on users to assist online buying and selling of products and
services.
While to this day, social commerce is still in its infancy, there are clear sign that
developments are forthcoming.5 Transaction fees are already one of the revenue
streams of social media platforms.6 Besides, it is estimated that social commerce
represented at least $14 billion dollars in 2015, steadily increasing from previous
years. In 2016, a study revealed that 73% of those who have tried a social buy but-
tons say that they would do so again.7 Another survey by Statista showed that 65.4%
of US users had used a social media platform to make purchase directly through a
post in 2017.8 Facebook captures 47.7% of those users with other platforms trailing
behind. As the size of social media worldwide continues to grow, social commerce
is predicted to develop.9
As social commerce tries to expand its reach, trust in online platforms is essen-
tial. Yet, there is equally convincing evidence available that social media sites are
increasingly used by fraudsters, a fact which could rapidly undermine consumer
confidence. In particular, research carried out by Consumers International shows
that while the overall numbers of scamming incidents (on and off-line), may not be
on the increase overall, the internet and social media platforms in particular are
2
See Digital, Culture, Media and Sports Committee (2019).
3
Huang and Benyoucef (2017), p. 40. See also, Liang and Turban (2011), pp. 5–13, cited in Gibreel
et al. (2018), p. 152.
4
Ibid Huang, 40 citing Yang et al. (2015), pp. 1–9.
5
Meanwhile, a number of consumer protection issues are salient with the way social media plat-
forms interact with their users. Notably, presenting the use of social media as ‘free’ when in fact
data is used as a currency and the use of many unfair terms and conditions. This chapter does not
address those problems.
6
European Commission, Behavioural Study on Advertising and Marketing Practices in Online
Social Media, Final report (June 2018), 26, par 2.5 in fine.
7
Api2cart (2016).
8
Statista (2017).
9
Statista (2019a). The number of social media users worldwide in 2017 was estimated at 2.46 bil-
lion, a number predicted to rise to 3.02 billion by 2021.
15 Consumer Protection on Social Media Platforms: Tackling the Challenges of Social… 323
increasingly used to perpetrate those scams.10 A report from the Australian

Competition and Consumer Commission also shows that consumers in that country
have lost over $15 million in 2018 to scams on social media platforms.11
This chapter explores some key trends as to how social media platforms are used
to advertise and buy/sell consumer goods. It shows some of the challenges faced by
consumers, in particular with the rise of e-commerce scams perpetrated on social
platforms. The article reflects on a range of avenues to improve the protection of
users that engage in social commerce or use social platforms more generally.
2 Social Commerce
Social commerce is essentially composed of two main elements. Social media mar-
keting, as most social media outlets operate on a two-sided model, financed by
advertisement12; and buying/selling products directly on a social platform. Both
bring their own set of challenges.
2.1 Buy and Sell Features on Social Media Platforms
Twitter’s early attempt at social commerce failed and all development of the ‘buy’
button was suspended in 2016. Other platforms have been more successful but
unlike more established marketplaces such as eBay, Airbnb or Uber, social media
platforms do not (yet) provide a proper infrastructure to conduct sales online.
The Facebook market place enables the posting of an advert and for sellers to be
messaged with a view to conclude a sale, but it does not support online payments.
Advertisers have to refer visitors to an external website or other facilities to con-
clude the sale. The buy and sell function is at present mostly designed to enable
consumers to conclude purchases face to face. Many discuss the details of a sale via
messenger and agree price and a collection point via this channel. Retail posts on
Instagram often refer to a website or provide mobile phone and/or email details to
get in touch. However, Instagram has also developed a ‘shop now’ button that
launched in 2016, but so far reserved to a selection of partners. Some Pinterest posts
enable direct purchases, through what are known as ‘buyable pins’. They are also,
for the time being, restricted to a number of selected retail partners and US busi-
nesses, although those pins are accessible from the EU. An ‘add to bag’ button is
included on the pins and simply links back to the merchant’s website.
One of the key to the development of social commerce is to enable payment
features and those have been developing at a fairly fast pace. Wechat, the tencent
10
Consumers International (2019), p. 12.
11
Scamwatch (2018).
12
House of Lords (2016), p. 19, par. 48.
324 C. Riefa
chat app developed Wechat Pay to rival with Alibaba Pay was launched in Europe in
2017 (following the launch of Alipay in 2015). Third-party app developers also
offer solutions to transform social media marketing into an integrated e-commerce
solution. Spreesy is such an example. It enables sales on Instagram, Facebook,
Twitter and Pinterest without the need for a link to an external website and/or email
address provided by the seller to place an order. The solution rests on ‘comment
buying’. Interested purchasers need to provide their email addresses in the comment
section of the social media post and receive an email for automated purchase.13
Spreesy also allows users selling on the market place Etsy to link directly to
Instagram or Facebook, providing additional shopping outlets. Penny #paywith-
penny also enables Instagram users to pay for goods through an app.
It is therefore only a matter of time before social media users are able to seam-
lessly pay for goods and services advertised on all platforms from their laptops,
tablets and phones. It is early days and, so far, retail functions are slow to attract a
wide audience, but they are spreading.14 This is possibly explained by the fact that,
even if they do not generate revenue, they contribute to building user profiles.15 The
links between market places and social media are also likely to blur further in social
commerce with the development of overlay services.
From a user’s point of view, it is feasible that consumers will understand that
they bought from a particular entrepreneur and not from the social media platform
or market place itself, or even the overlay service, although it may be quite confus-
ing in some cases. For example, a seller on Etsy (a market place) can use Spreesy
(an overlay service) to also advertise and conclude the sale via Facebook (the social
media platform) that the consumer consults. It is not at all clear who the consumer
would have to get in touch with if something goes wrong with that sale. An added
layer of complexity is linked to the legal classification of the seller in the first place.
The background report to the 2016 OECD Ministerial meeting on the digital
economy rightly notes that ‘it can be difficult to apply existing consumer protection
frameworks to business models that blur the boundaries between consumers and
businesses. Some peer providers may generate sufficient commercial activity to sug-
gest that they should bear consumer protection responsibilities, while at the same
time appearing to be in a consumer relationship with the platform’.16 The report is
focused on peer-to-peer platforms and not social media, but the problem is raised in
almost identical terms on social media platforms, the same way it also was when
eBay exploded as a B2C tool.17
On Facebook or Pinterest for example, it is difficult to tell if the party the con-
sumer is buying from is a trader. Yet, it is only in B2C relationships that consumer
13
Aside from any social commerce issue, this also raises some privacy issues as the email address
is left as a public comment. This is the case even if the shop operated as a closed group.
14
Chen (2016).
15
Alba (2016).
16
OECD (2016), p. 6.
17
For more details on the difficulties to identify consumers and traders on online platform and sug-
gestions for a workable test, see Riefa (2015), pp. 23–30.
law applies. Unlike on eBay, the parties are not normally identified as traders or
consumers with a label affixed to their profiles. Social media platforms also do not
provide a template for posts that is adequate for B2C sales and meeting all the legal
requirements applicable to the sellers who are defined as traders (at least in the EU).
For example, there is no requirement to fill in a template with the key information
about the trader including its geographical location, the price including taxes, the
main characteristics of the goods, how to solve disputes, etc. The overlay services
such as Spreesy offer more structure but are also not fully compliant with European
standards of disclosure. Many practices would already fall within the remit of the
Unfair Commercial Practices Directive18 but much uncertainty remains.
The behavioural study on the transparency of online platforms,19 showed that
after price, information about the fact that the contractual entity is a trader, which
offers consumer rights, increased the probability of selection of products advertised
on marketplaces. The absence of such information decreased selection probability.
Consequently, the latest effort from the European Commission to reform consumer
law, the so-called ‘new deal’ requires more transparency on online marketplaces
and imposes a positive obligation on the platform itself to identify parties as con-
sumers or traders. The proposal introduces additional information requirements in
Directive 2011/83/EU, which require online marketplaces to clearly inform con-
sumers about: (a) the main parameters determining ranking of the different offers,
(b) whether the contract is concluded with a trader or an individual, (c) whether
consumer protection legislation applies and (d) which trader (third party supplier or
online marketplace) is responsible for ensuring consumer rights related to the con-
tract (such as the right of withdrawal or legal guarantee). Those obligations would
apply to social commerce.
But the requirement for information remains largely based on the parties self-
certifying and opting for their choice of legal classification (trader or consumer).
Thus, problems will remain because the proposal does not provide a reliable test to
predictably decide who is a trader and who may be a consumer. The opinion from
AG Szpunar in the case of Kamenova does present a number of criteria that can be
used on a case-by-case basis20 but it leaves this assessment to national courts, with
all the complications this may engender. This position was confirmed by the
CJEU. The court held that it was not sufficient, by itself, to classify a person as a
“trader” that a person published simultaneously on an online platform eight adver-
tisements offering new and second-hand goods for sale. To be classified as such and
for the activity to constitute a commercial practice, the person must be acting for
18
See SWD (2016) 163 final.
19
20
AG Szpunar’s opinion in CJEU, Komisia za zashtita na potrebitelite v Kamenova, Case C 105/17
highlights the following as potential criterion to use in making this assessment: Whether the sale is
part of an organised profit-seeking activity; specific timeline and frequency; seller’s legal status
allowing to trade; VAT tax payer; agency; purchase of new or used goods for resale purpose; organ-
ised, frequent or concurrent sales in connection with professional activity; number of items of
same type and value. Also see for suggestions for a workable test, supra n 25.
326 C. Riefa
purposes relating to his trade, business, craft or profession, which the national court
must determine in light of all relevant circumstances in the individual case.21
While the onus to comply with consumer laws is on the platform users,22 it seems
essential that social media platform develop adequate means to ensure consumer
laws are respected by businesses using social media to advertise and trade. They
ultimately benefit from sellers on their platforms by selling advertising. At the very
least, platforms ought to do more to educate their users about legal obligations that
befit them when selling and/or advertising via their intermediary and possibly pro-
vide templates that enable users to include key information that the law requires.
The new deal seems to impose a more proactive approach, but it is not specifically
designed for social media where the usual lines between private/public life and
commerce are fuzzier than on other platforms. There will also be a need to consider
the fact that social media platforms are not ‘traditional’ online retail spaces and the
behaviour of consumers using them to initiate and/or make purchases may differ as
a result.
In other areas, such as trolling, platforms have taken action, demonstrating that
they are able to exercise some control over their users and the contents produced. It
could therefore be feasible to envisage more control over who is using the platform
and in particular controlling the spread of fake accounts and striking out users that
do not respect consumer laws, although this of course presents its own challenges.
It first clashes, at least in Europe and the USA, with standards of liability for online
intermediary hosts and raises questions about the way in which the platforms ought
to proceed to police retail activity (more below).
The rules under the new deal focus primarily on information. When sales go
wrong in social commerce, the already existing provisions under the Consumer
Rights Directive would apply. While this provides the EU consumers with more or
less adequate protection, it leaves unresolved the fact that in social commerce less
prominence is given to the geographical location of the parties than in more tradi-
tional electronic commerce. Hence, presuming that the Trader/Consumer legal clas-
sification are clear, there is an additional danger to see the EU consumers buying
beyond the borders of the EU and thus forego the protection they would have been
entitled to under the EU law. According to a survey of Which? members, about a
quarter of consumers do not check the geographical location of the party they pur-
chase from.23 This has the potential to create very thorny problems, not least the fact
that redress may be very difficult to obtain if not impossible.24
21
CJEU, Komisia za zashtita na potrebitelite v Kamenova, Case C 105/17 Judgement of 4 October
2018, par. 2, 37–40 and 45.
22
Unless the trader has given the platform it uses a mandate to act in their name or on their behalf.
If that was to be the case, the EU Commission guidance document on the Consumer Rights
Directive explains that the platform and trader using the platform would share the liability for
compliance with consumer law. See European Commission (June 2014), p. 31.
23
BEUC (2017), p. 12.
24
On those issues, see BEUC (2017). The report explains that while there is a legislation that dic-
tates that a consumer could not be prevented from suing in his or her country of origin, enforcing
that judgment is another matter that requires suing in the country where the trader is established to
obtain exequatur in case of non-compliance.
2.2 Marketing Products on Social Media Platforms
Social media offers a platform for advertising25 which takes several forms. It relies
primarily on consumers themselves to spread the message, by sharing information
on product or simply ‘liking’ the business page. This is often referred to as viral
marketing, the equivalent of word of mouth.26 Businesses can also create a business
page or channel on social media and use it to promote their activities and products.
Finally, social media platforms also promote products by selling advertising space.
The advertising in those cases is targeted and uses data gathered on each user to
present relevant product information.27
The Ofcom Communication Market Report 2017 highlights that advertising on
social media in the UK is on the rise. In particular, social media is the preferred
advertising channel for SMEs.28 This is a trend that is confirmed worldwide with top
brands in the world having a presence on Instagram and other social media.
Advertising revenues on social media platforms have also grown year on year.29
Problems with advertising standards are clear. A search on the UK’s ASA rulings
database for the year 2017 alone, using the key word ‘Internet Social Networking’
returns 47 rulings (of which 15 were not upheld and 4 were upheld only partly) and
164 informally resolved cases. It shows that there are a number of cases where the
legitimacy of the business operator is not called into question (contrary to the issue
of scams dealt with below), but where the advert or practice falls short of profes-
sional standards and the code of conduct.
One issue of particular concern is the use of online reviews and endorsements
and ensuring that consumers can tell the difference between unprompted reviews
and paid-for commercial communications. A number of studies have highlighted
the fact that social media marketing is particularly influential in a consumer buying
decision process.30
In 2016, fake online endorsements were in the top 10 scams according to the
BBB.31 ICPEN has issued a set of guidance on this subject aimed at review admin-
istrators, digital influencers, traders and marketing professionals.32 They prompt for
fairness and transparency. However, communication on social networks can make
spotting the commercial nature of certain content particularly difficult. This is why
25
Note that WhatsApp is an ad-free app, which used to run on a subscription model. It is no longer
charging for the use of the app (with some exception in some markets) and reporting a loss. There
is a speculation as to how it will make money in the future. It was acquired by Facebook in 2014
for $19.6 billion to reach markets where Facebook is not as established.
26
Trzaskowski (2011).
27
Riefa and Markou (2014), p. 384.
28
Ofcom (August 2017), p. 201.
29
Statista (2019b). Figures show advertising spend more than double between 2014 and 2017.
30
CMA (2015) and European Commission (2018).
31
Weichel (2017).
32
ICPEN (2019).
328 C. Riefa
it is important that ‘digital influencers’33 are providing the public with genuine
reviews and are adequately disclosing whether the content of their reviews or
endorsement are paid for or if they have any particular relationships with any of the
products featured, principles that are adopted by the ICPEN guidance.
For example, on Twitter one way to denote that a post is an advert may be to use
a hashtag, although not all regulators agree that this is necessarily sufficient to make
the nature of the advert clear to consumers. For example, in the UK, the CMA has
taken some action against businesses and social media personalities, as well as issu-
ing some guidelines.34 There is also an ASA ruling confirming that @brandname
directly following a message could be sufficient35 but the absence of #ad despite the
presence of a @brandname could fall foul of the rules and be misleading consumers
as to the nature of a tweet.36 Similar discussions take place in the USA, where the
FTC does not believe that #Spon denoting that a post is sponsored is always suffi-
ciently clear, nor are links to external websites explaining the nature of the post.37
According to the Norwegian Ombudsman, the label needs to be placed at the begin-
ning of the advert text and not at the end.38
In addition, consumers may be also publicising products in exchange for prizes,
free products or vouchers and review products favourably without their peers being
aware this is the case. The EU Commission guidance on unfair commercial prac-
tices quotes the ‘guidance on Labelling of Marketing in Social Media by the
Norwegian Consumer Ombudsman [that] reads: ‘You can comment on products
that you have bought yourself or received as presents from, for example your friends
or your boyfriend, without labelling the information as marketing, as long as you do
not link the product to an advertising network. It is in cases where both you and the
advertiser get an advantage from your comments that you must label it as market-
ing, for example if you have received a jacket for free and then make comments
about the jacket in your blog.’39 It is however unclear how such rule could be
enforced because the unfair commercial practices directive only applies in B2C
relationships. Not all bloggers will be ‘traders’ under the legal definitions normally
applicable and it seems that trying to conceptualise the consumer posting the review
against a ‘payment of sort’ would fall short of the definition of a trader in many
33
For more on the issue, see Riefa and Clausen (2019).
34
CMA (2016b); see also, CMA (2015, 2016a).
35
ASA (2013) Nike UK Ltd. Wayne Rooney posted a tweet message “The pitches change. The
killer instinct doesn’t. Own the turf, anywhere” followed directly by the @NikeFootball Twitter
address, the hashtag “myground” and a link to a picture. The ASA considered that the reference to
Nike Football was prominent and clearly linked the tweet with the Nike brand and the overall
effect was that the tweet was obviously identifiable as a Nike marketing communication.
36
ASA (2016) Alpro (UK) Ltd.An ad by a TV presenter was presented in a similar ‘voice’ to his
other tweets and did not include any clear identifier, such as “#ad”, to demarcate it from her own
content. The ASA concluded that the presence of the @alpro_uk would not make clear to consum-
ers the commercial intent of the content or the editorial control exercised by the advertiser.
37
See for example in the US, FTC (2013) Guidelines, Annexes, Example 17, A20.
38
Forbrukertilsynet (2018).
39
SWD (2016) 163 final, p. 144.
cases. However, many bloggers are increasingly making a living out of the activity
(whether full or part-time), in which case they could no doubt be subjected to the
legislation in question. The difficulty will remain however with defining the point at
which activity ceases to be on a personal basis only to becoming professional.40
The EU Parliament Resolution on Online Platforms and the Digital Single
Market stressed the importance of providing users with clear, impartial and trans-
parent information on the criteria used to filter, rank, sponsor, personalise or review
information presented to them. It underlined the need for clear differentiation
between sponsored content and any other content.41 It called on the Commission to
address certain issues of platforms’ review systems, such as fake reviews or deletion
of negative reviews, with the aim of gaining competitive advantage, and stressed the
need to make reviews more reliable and useful for consumers and to ensure that
platforms respect existing obligations.42 While the new deal acknowledged the
Parliament’s position, the bulk of the new rules focus on transparency regarding
rankings rather than on reviews.43 The onus thus remains on the application of the
Unfair Commercial Practices Directive to ensure fairness for consumers with the
caveats already highlighted. Further, the application of the UCPD to control digital
influencer marketing and online reviews is an imperfect tool, which would require
some legislative changes that the new deal largely ignores.44
3 Social Media Scams
It is difficult to assess the scale of scams on social media platforms. This is primarily
because the way fraud gets reported, does not normally record the type of platform
used. While some statistic record whether the fraud was online or off, it does not
normally record what type of website or platforms it was perpetrated on. Besides, it
is not always clear how to classify practices on a scale between unfair commercial
practices and scams. While all scams are clearly unfair commercial practices, the
opposite is not necessarily true. Some practices are difficult to place,45 although it is
possible to envisage that practices on the UCPD black list would be most likely
deemed scams as opposed to those that must be tested for unfairness.
40
Similar classification issues were encountered with the legal classification of traders on eBay.
The issue resides in identifying the cut-off on this sliding scale. See Riefa (2015), pp. 26–30. See
also, Kamenova supra 30.
41
European Parliament (2017), p. 11, par. 56.
42
Ibid, par. 57.
43
European Parliament (2018).
44
Riefa and Clausen (2019).
45
See for example, social proof practices that consist of buying followers or likes to increase the
exposure of an online profile and use it to convince more users to buy products. For more on this
practice and how to control it (via the UCPD blacklist), see European Commission (2018), p. 94,
par. 7.3.
330 C. Riefa
While all the scams are not necessarily focused on advertising or the formation
of a sales contract, the existence of scams can have an influence on the purchasing
habits of consumers and their trust in social commerce. Addressing the safety of the
environment in which consumers transacts is therefore also key to improving the
protection of consumers. To do so, good understanding of the way social media is
used to questionable ends is essential.
Common scams include password hacking, fake and duplicate accounts along-
side scams that play on consumers’ vulnerabilities. Get rich quick schemes play on
greed and credulity. Other scams play on the victims’ need to form relationships
(some out of loneliness), wanting to make friends or find love for example. Other
scams focus on exploiting trading situations. In many scams, the social media plat-
form is only a way to contact the victim. In others, the social media account is the
target of a first scam to set up another scam using the ‘stolen’ account. The tech-
niques encountered are all pre-existing but are being adapted to the use of social
media. For example, identity fraud used to require sophisticated and sometimes
long investment into researching the life of a victim. It now takes very little time on
Facebook to pick a birthdate, complete with year of birth, relationship status, name
of next of kin (especially when people declare to Facebook what their relationships
are), location, etc. Some techniques go even faster and simply consist in finding a
trick to have the consumer voluntarily hand over those details through the lure of
‘free’ goods or having won a prize or download a piece of spyware that will do the
work for the scammer.
Table 15.1 describes the most reported scams and the platforms they have been
reported to operate on based on desk research conducted in July/August 2017.
While there may be slight regional variations (or scams that are particularly active
in certain regions—Sextorsion scams for example are said to be particularly promi-
nent in Asia46), the techniques used to prey on unsuspecting consumers are pretty
similar around the world. Note however that scams tend to be transient and spread
to new territories once shut down in a country or set of countries. The report from
Consumers International also found that scams are often perpetrated across bound-
aries between countries speaking a common language and that a large proportion of
scams always have at least some international elements.47
4 S
olutions to Improve Consumer Protection in Social
Commerce
Potential solutions do not exist in a vacuum. They all interlink and need, to a large
extent, to work together to be efficient. The avenues explored should also not over-
shadow the need for educating consumers as much as possible on the dangers of
46
Symantec (2016), p. 29.
47
Table 15.1 Social media scams by category & platforma

Scam Description Instagram Twitter Facebook
Greed & fear Scams—Scam using greed or fear to extract money or access personal
information
Phishing emails E.g. claiming that access to Fb or Twitter will x x x
& SMS scams be disabled, that by clicking on a link you will
(Smishing) be able to watch a live stream of an important
sport event. All have fake links to click on, to
extract access to the social media site
Sale of fake Instagram profiles with lots of followers are x
account with sold off. Playing on vanity or greed (having a
followers lot more followers than would normally have)
Money flipping Several variations exist: Adding money onto a x x x
prepaid card and giving access to the scammer
who promised to hack the card account and
add money to it. Instead they block the
consumer and take the money on the card;
using empty bank account of the victim
depositing fraudulent cheques and
withdrawing all the money before the victim
can access it
Bogus employment Scams—Scams using the need for work to extract money
Ponzy Scheme/ Against a membership fee, users can make an x x
Pyramid income from liking items on social media and
Scheme recruit more members to do the same. A
variation is earning money through seeing
online advertising
Financial services Scams—Scams using the need for money to extract money
Loan Scam Loan is offered at a low rate against a set up x
fee
Loneliness Scams—Scams using the need to form relationships to extract money or access
personal information
Friend Scam Scammers befriend the victim and ask for a x
phone number and provider to buy gaming
credits online or online gift cards. Victims
asked to confirm via message to their phone
with a verification code often do so. Later to
realise their mobile phone bill has been
charged
Romance Using platform to befriend and extract money x
either via fake story of hardship or by sending
a parcel detained by customs, for which the
victim needs to pay money to release and
receive
Sextorsion Use of compromising personal images to ask x
for money under the threat of sending the
photos to friends and family
Gaming scams—scams using entertainment to lure victims
(continued)
332 C. Riefa
Table 15.1 (continued)
Fake Quizzes What kind of character from [tv show, etc.] are x
you? Quiz asking for personal and bank
details and starting to charge money monthly,
unbeknown to the consumer
Trading Scams—scam developing in a seemingly commercial relationship for the provision of
goods (incl. digital) or services
Scam Gift/ Using logos of known brand, the scam x x
vouchers requires claiming vouchers by liking or
sharing the link to a scam survey with
personal details which enable scammers to
steal identity. A variation may enable gaining
control of the social media account
‘Free’ stuff Use lure of ‘free’ to obtain personal account x x
details (often through spyware or details given
by consumer). Includes hoverboard, iphones,
flight tickets, etc.
Fake lottery or Victim is contacted via messaging to inform a x
competition prize has been won. To access the said prize,
win winner needs to provide personal information
as well as pay fees or taxes. Variations include
messages with a link to malware or message
coming from a hijacked account form a family
or friend’s profile
Fake product Links to websites are advertised on social x
sales media (through hacked accounts). They lead
(counterfeit) to shops selling fake merchandise or
completely bogus sites extracting credit card
information
Fake fan pages Page running a competition and asking fans to x
participate by linking the page, sharing and
commenting on the page
Products non Consists in taking orders and money but not x
delivered delivering the goods
Bitcoin scams Targeted at bitcoin users or wannabe users. X (1) x (2) X (4)
The scams exploit what makes bitcoin (3)
desirable (decentralized, anonymous and
irreversible). This includes a number of scams
also references elsewhere in this table. Money
flipping offering to increase the amount of
bitcoin in one’s account—emptying it instead
(1); bitcoin phishing claiming clicking on link
will earn bitcoins, but instead installs malware
(2); Phishing bitcoin brand impersonators
asking consumers to check status on database
asking consumers to enter private key (3);
pyramid schemes and cloud mining schemes
(4)
(continued)
Table 15.1 (continued)
Bad products Consumers receive a product that does not do x
what it claims. No refund issued
Subscription Consumers subscribe to a free trial, which x
traps includes a covert subscription
Click farms & Fake ‘likes’ inflate the popularity of pages on x x
botnets click social media. Reliant on very cheap human
fraud labour. An equivalent technique consists in
using a botnet set up for click fraud using
computers to create fake traffic without their
owners’ knowledge
a
Source Christine Riefa—using examples of scams collected through online and desk research:
between 27 July and 16 August 2017
social media and appropriate uses, although it cannot be the only measure adopted.
Indeed, according to the Symantec Internet Security Threat Report 2016, ‘many
scams still rely on the poor security habits of the general public to succeed’.48
Besides, manual sharing was the most popular way to spread scams in 2015 repre-
senting 76% of cases recorded (up from 70% in 2014) followed by fake offering
(17% down from 23% the previous year), like jacking (5%, remaining stable) and
fake apps (2% and 1% in 2014).49 With manual sharing, the scammers rely on the
victims to share the scam with their friends by providing intriguing video content,
fake offers, etc. For fake offerings, the scammers invite users to join a fake event of
group lured by an incentive. This technique normally asks users to provide creden-
tials or send a premium rate text. LikeJacking uses fake like buttons to trick users
into clicking on website buttons that install malaware.50 Similarly, unfair commer-
cial practices, as well as poor retail practices, can often be spotted by consumers
that are sufficiently knowledgeable. Changing the habits of consumers and help
them become more Internet savvy is therefore important for any suite of solutions
to be fully effective, but any legislative solution relying on an ever-increasing
amount of information communicated to consumers as the main way forward would
be flawed.51
Using legislation on Unfair Commercial Practices is also an important part of
combatting unfair commercial practices and increasing consumer protection in
social commerce. However, at least at the EU level, it is clear that the pre-existing
legislative instruments do not always facilitate an easy route to enforcement for
national enforcers or consumers themselves and that some key changes to the legis-
48
Symantec (2016), p. 27.
49
Ibid, p. 30.
50
Ibid.
51
See Siciliani et al. (2019) who argue that one of the limitations of consumer law is to rely on the
neo-classical model of regulation where information is king, when it is in fact rational for consum-
ers not to pay attention to the plethora of information provided.
334 C. Riefa
lation would be necessary.52 Besides, looking at international level, there are a lot of
differences in the way the practices would be controlled. Therefore, complementary
solutions may need to be found elsewhere.
4.1 Self-regulation of Social Media Platforms
There is some evidence that platforms do go some way to assist users. They have a
reputational incentive in ensuring that users of their platforms are not subjected to
practices that may affect their trust. A lot of activity is noticeable on trolls, protect-
ing intimate images and looking at the safety of children.
No platforms however seem to provide any kind of redress to consumers falling
victims of scams or if the consumer buys a product that is not suitable or is never
received for example. There is also very little offered by way of assistance to dif-
ferentiate between good and bad traders, although solutions along the lines of algo-
rithms identifying scams are starting to develop. Airbnb notably provides warnings
about how to avoid scams had has adopted a real-time detection system that uses
machine learning and predictive analytics to evaluate hundreds of risk signals to
spot fake listings on its platform and flags these to stop bad actors and scams before
they can harm consumers.53 Facebook enable users to identify content appearing on
their timeline as scams, or block or remove pages. Blue and grey badges also appear
in pages search results indicating that a page is verified by Facebook. The help
pages offer some light advice on how to report fake accounts. However, when it
comes to helping consumers victims of scams, the responses from the help centre
are not particularly helpful. There does not seem to be much available to advise
consumers who may have bought goods and services via the platform’s intermedi-
ary if things go wrong.
Yet, it is clear that platforms are able to act if they chose to. Their user agree-
ments enable them to terminate their agreement with anyone violating their rules.
So far, however, the benefits of self-regulation remain limited and while account
blocking is a daily occurrence, the action tends to focus on manifestly illegal mate-
rial or repeated offences to the social media platform’s terms of use. Leaving
enforcement to the platforms alone is unlikely to work while those businesses are
driven by shareholders’ values seeking to maximise profits from advertising unless
there is a clear incentive to do so to retain consumer trust. However, platforms may
currently lack the motivation to act, because the scale of the problem is not yet suf-
ficiently acute to deter users from engaging with the platforms. Regulatory solution
may need to come to the fore to offer more viable protection. However, the new deal
52
Riefa and Clausen (2019). Also see Siciliani, Riefa, Gamper supra n 71 who advocate the cre-
ation of a general and positive duty to trade fairly which could be done via an extensive application
of the general clause under Article 3 UCPD and in particular the notion of professional diligence.
53
and improved transparency in the EU does not tackle the issue.54 Other regulatory
obstacles such as the territoriality of the consumer laws in place in the EU55 and the
liability regime in operation explain apathy in this area. There is also an issue of
competition as platforms rely on network effects and there are after all very few
alternatives to Facebook and other social media platforms. In addition, ownership of
platforms also reveals that moving from one platform to another may not solve the
issue for consumers. For example, Facebook also owns Instagram and WhatsApp
amongst others meaning that consumers are often ‘trapped’ and cannot vote with
their feet.
4.2 Regulation of Liability of Social Media Platforms
The question of liability thus becomes central to protecting users on social media
platforms that engage in social commerce activities.
Liability regimes vary across the world. In the USA, intermediaries are protected
by safe harbours rules that seem difficult to bring down. By contrast, Chinese law
adopts a very restrictive regime and puts pressure on intermediaries that have
knowledge of infringing activities without necessarily having much control over
them.56 In addition, some provisions expect that business operators (which would
include social media platforms) to compensate consumers that are victim of a fraud.
Punitive damages can be imposed leading to consumers recovering more than they
have actually lost. It is therefore placing the bar very high expecting social media
platforms to act as gate keepers.
In the EU, there has long been debate as to how much liability online intermedi-
aries should shoulder when transactions occurring or originating on their platforms
go wrong.57 This is especially so because the liability regime set out by the
E-commerce Directive (ECD)58 offers, at least on face value, a generous system of
protection. It provides an exemption from liability for illegal content and activities,
in respect of which the platforms, acting as a mere conduit or host, do not have
control or knowledge over, and upon obtaining such knowledge acts expeditiously
to disable access.59
54
Supra n 46.
55
BEUC (2017).
56
For a discussion of liability regimes for intermediaries in China, the USA and Europe, see Riefa
and Mo (2016). The liability principles for market places would apply to social media.
57
See for example concerning the liability of online auction sites and touching on search engines,
Riefa (2015), p. 175.
58
Council Directive (EC) 2000/31/EC of 08 June 2000 on certain legal aspects of information
society services, in particular electronic commerce, in the internal market OJ L178/1.
59
Ibid, Art 14.
336 C. Riefa
The case law from the European Court of Justice largely predates social media
but is applicable to their liability.60 It did however very much reduce the scope of
this exemption. In a number of key cases concerning search engines and online
retail platforms, it opted for a restrictive application of Article 14(1) and only grants
immunity to neutral hosts that behave like diligent economic operators in their dis-
covery and removal of any litigious materials.61 In addition, when intermediaries are
found to exercise decisive influence over the way a service is provided, they can be
barred from benefiting from the legal classification of information society services
altogether (and not just the immunity of Article 14) despite meeting all of its
criterion.62
In addition, under Article 15 ECD, it is not possible for Member States to impose
general monitoring obligation on online platforms.63 However, ‘Article 1(3) of the
e-Commerce Directive also makes it clear that the e-Commerce Directive “comple-
ments Community law applicable to information society services without prejudice
to the level of protection for, in particular, public health and consumer interests, as
established by Community acts and national legislation implementing them in so far
as this does not restrict the freedom to provide information society services”. This
means that the e-Commerce Directive and relevant EU consumer acquis apply in
60
They fall squarely within the remit of the ECD. They provided a service normally provided for
remuneration, at a distance, by electronic means and at the individual request of a recipient of ser-
vices. The provision of personal data in exchange for the use of the service can indeed be considered
remuneration. The CJEU recognised that the remuneration did not have to be paid by those to whom
a service was supplied in Bond van Adverteerders. For the problems recognising data as counter-
performance may engender, see European Data Protection Supervisor, Opinion 4/2017, on the pro-
posal for a Directive on certain aspects concerning contracts for the supply of digital content (14
March 2017), https://edps.europa.eu/sites/edp/files/publication/17-03-14_opinion_digital_content_en.
pdf.
61
See Joined Cases Google France SARL, Google Inc v Louis Vuitton Malletier SA and v Viaticum
SA, Luteciel SARL; Google France SARL v Centre National de Recherche en relations humaines
(CNRHH) SARL, Pierre Alexis Thonet, Bruno Raboin, Tiger SARL; See also L’Oréal SA and
Others v eBAy International AG and Others. In CG v Facebook Ireland Ltd and Joseph McCloskey,
Facebook failed to take down pages that identified a sex offender and disclosed details about his
offences and geographical location, despite having knowledge of the existence of the pages on its
service. Facebook was fined.
62
In Asociación Profesional Élite Taxi v Uber Systems Spain SL, the court explained: ‘the interme-
diation service provided by Uber is based on the selection of non-professional drivers using their
own vehicle, to whom the company provides an application without which (i) those drivers would
not be led to provide transport services and (ii) persons who wish to make an urban journey would
not use the services provided by those drivers. In addition, Uber exercises decisive influence over
the conditions under which that service is provided by those drivers. On the latter point, it appears,
inter alia, that Uber determines at least the maximum fare by means of the eponymous application,
that the company receives that amount from the client before paying part of it to the non-profes-
sional driver of the vehicle, and that it exercises a certain control over the quality of the vehicles,
the drivers and their conduct, which can, in some circumstances, result in their exclusion.’
63
In J20 v Facebook Ireland Ltd, Facebook was fined for failing to remove information that it had
knowledge of. The Court of Appeal disagreed with the argument that the platform knew or ought
to have known about the content without the need to be notified simply because it was similar to
content previously found to be unlawful.
principle in a complementary manner.’64 Thus, it is possible for national legislation

to impose specific obligations on social media platforms, although it is not clear
how those could take effect.
The Commission announced that it planned to maintain a balanced and predict-
able liability regime for online platforms, although it will tackle a number of spe-
cific issues relating to illegal and harmful content65 through some reforms of the
liability environment. Concerning consumer protection, no changes to the regime
under Art. 14 are envisaged. The trend however is very much towards less protection
for intermediaries, although, the Commission explained that taking voluntary pro-
active measures does not automatically lead to the hosting service provider con-
cerned losing the benefit of the liability exemption provided for in Article 14 of
Directive 2000/31/EC.66
In 2017, the EU Commission required that social media companies comply with
consumer protection rules and ‘remove any fraud and scams appearing on their
websites that could mislead consumers, once they become aware of such practices.
In this connection, national consumer protection authorities should have a direct
and standardised communication channel to signal such wrongdoings to social
media operators (for example infringing the Unfair Commercial Practices Directive
or the Consumer Rights Directive) and obtain take down of content, as well as
information concerning the traders responsible for the infringements.’67 This mea-
sure is limited to the companies that have been targeted by the enforcement authori-
ties, namely Facebook, Twitter and Google +.
In addition, the European Commission Recommendation from March 201868
which builds on The European Commission Guidelines that were issued in
September 201769 explains: ‘The Commission’s work is motivated by concerns that
the removal of illegal content online continues to be insufficiently effective – incite-
ment to terrorism, illegal hate speech, or child sexual abuse material, as well as
infringements of Intellectual Property rights and consumer protection online need
to be tackled across the EU with determination and resolve.’
It places consumer protection alongside IP rights infringement giving consumer
law the profile it deserves and ought to make enforcement more effective moving
forward. The inclusion of consumer protection in this Recommendation also means
that the new tools such as the general recommendation relating to all type of illegal
content, becomes applicable to consumer law violations. This is an acknowledgment
that content that contravenes consumer protection laws is illegal and failing to
remove it promptly under the procedures laid down in application of Article 14
64
SWD (2016) 163 final, p. 126.
65
COM (2016) 288 final, pp. 7–8.
66
European Commission (2017) Tackling Illegal Content Online – Towards an Enhanced
Responsibility of Online Platforms, COM (2017) 555 final, p. 12.
67
For full details, see European Commission Press Release (2017).
68
European Commission Recommendation on measures to effectively tackle illegal content online,
C (2018) 1177 final.
69
COM (2017) 555 final.
338 C. Riefa
could lead to liability of the intermediary. This is an important step forward. In the
context of online auctions, I have elsewhere defended the idea that ‘the principle
under which an intermediary could have liability for all third party content hosted,
if it was contrary to unfair commercial practices or unfair terms legislation for
example, can be established even if in practice some amendments to legislation
were necessary to make it a reality’.70 The Recommendation goes some way to rec-
ognising officially this principle.
The Recommendation also clears the way for a notice process to be elaborated to
report consumer law violations, as well as the use of software for their detection.
Indeed, Recommendation 18 states that ‘hosting service providers should be encour-
aged to take, where appropriate, proportionate and specific proactive measures in
respect of illegal content. Such proactive measures could involve the use of auto-
mated means for the detection of illegal content only where appropriate and propor-
tionate and subject to effective and appropriate safeguards, in particular the
safeguards referred to in points 19 and 20’. Where automated means are used,
Recommendation 20 explains: ‘effective and appropriate safeguards should be pro-
vided to ensure that decisions taken concerning that content, in particular decisions
to remove or disable access to content considered to be illegal content, are accurate
and well-founded. Such safeguards should consist, in particular, of human oversight
and verifications, where appropriate and, in any event, where a detailed assessment
of the relevant context is required in order to determine whether or not the content
is to be considered illegal content.’
However, there is still a long way to go. One of the main difficulties resides in
defining precisely what the social media platforms, using software or manpower,
would have to look for by way of consumer law violations and how to police them.
Take for example, an obviously fake item advertised on Pinterest. If the advert con-
tains the wording ∗∗fake designer sofa∗∗ a trademark violation may be easy to
identify. But the advert is not misleading from a consumer law’s point of view,
although it should clearly raise some alarm bells. Similarly, if the advert contains
some terms and conditions, one clause excluding any liability for any defect for
example, it would be easy to detect on wording alone. In the EU, this term would be
clearly unfair and should be struck off as such. But for other terms, the process may
be more complex. Indeed, under the EU law, terms are to be interpreted taken the
economy of the contract as a whole. This means that some terms that, on face value,
have a propensity for unfairness, may be considered valid, when the contract is read
in its entirety.71 Turning to unfair practices, it is not always easy to determine if a
consumer would have taken a different transactional decision, if the unfair practice
had not been in place. There are however areas where human or algorithmic detec-
tion could be facilitated with devising the right checklists, starting, for example,
with the list of 21 banned practices in the Unfair Commercial Practices Directive.
70
Riefa (2015), p. 216.
71
For a possible model, see Micklitz et al. (2017), pp. 367–388.
4.3 Bolstering Enforcement
In an ideal world, self-regulation ought to be sufficient to tackle consumer protec-

tion challenges on social media platforms. Platforms should ensure the users selling
via their intermediary apply high standards of consumer satisfaction and address
any issues. However, should this fail to gather sufficient pace, and liability of inter-
mediary be changed (to force this level of supervision), using a private and/or public
enforcement framework will be necessary. The discussions currently ongoing on the
creation of an EU collective action72 could provide some impetus for improved pri-
vate consumer law enforcement and the involvement of consumer associations in
the protection of social media users.73 A collective action has been launched against
Facebook by a number of consumer associations in Italy, Belgium and Portugal. But
collective actions are not freely available everywhere. Therefore, public enforce-
ment remains often the only viable option for many consumers.
4.3.1 A
ccurately Recording Consumer Problems to Help Target
Responses
One of the key steps to enable better enforcement is to devise a system whereby
information on scams and other consumer law violations can be accurately recorded.
There is currently an obvious gap in the data available and developing a set of mea-
sures to record scams and other consumer law violations, as well as their sources or
place(s) of operation would be useful to protect consumers more effectively.
Exploring the development of a taxonomy of consumer law violations is vital for all
stakeholders to be able to focus their efforts in the right places. Improving current
recording processes for scams, as well as develop others, is essential because it is
not just scams that are causing consumers detriment. Sales of goods that are not of
satisfactory quality, or for which the seller does not offer an appropriate right to
return for example, also need documenting. Social networking platforms are best
placed to gather such data if it is reported to them, but other stakeholders (consumer
associations, enforcers, etc.) could also compile such data from the complaints they
may become privy to. Collaborations between all entities to create a workable and
international taxonomy would greatly improve the way intervention and protection
could be directed. This taxonomy could in turn be used to use software to identify
and flag obvious consumer law protection violations, which would go some way in
identifying and neutralising users that do not play by the rules.
72
European Commission Press Release (2018).
73
See European Commission (2018), p. 97, par. 7.5.
340 C. Riefa
4.3.2 Cooperation of Social Media Platforms with Enforcers
There is legislation to control poor retail practices, unfair commercial practices and
the scams we have highlighted above, providing that enforcement authorities can
identify the social media user who perpetrates them and mount a convincing case.
For example, in the UK, it is feasible that the creation of a fake social media account
can be construed as a criminal offence. Similarly, ‘revenge porn’ is a criminal
offence under Section 33 of the Criminal Justice and Courts Act 2015, which sanc-
tions the ‘disclosure of private sexual photographs or films without the consent of
an individual who appears in them and with intent to cause that individual distress’.
This would also be applicable to ‘sextorsion’, a case of ‘blackmail’, also sanctioned
by the law.74 In addition, the scams, which are misleading consumers either by
omission or by action, would fall under the remit of the Unfair Trading Regulations
2008, with the limitations we have already hinted at.
But to be efficient, it is essential that social media platform disclose information
that they hold about the scammers in an efficient manner. That is of course, provid-
ing that the scammer was not using a fake account and thus being untraceable. In the
EU, Article 19(1) of the E-Commerce Directive states that ‘Member States shall
have adequate means of supervision and investigation necessary to implement this
Directive effectively and shall ensure that service providers supply them with the
requisite information.’ This feasibly includes details pertaining to identity and
account activity. Many jurisdictions do require, on court orders at least, that social
media platform release the necessary information. But such solution does take time
and ensuring social media platforms’ collaboration without the need for a court
order may be preferable although there is no guarantee that it will always be more
efficient. The reluctance of social media platforms to collaborate with enforcers is
unfortunately a common occurrence, including in social media circles, as the case
of Luxstyle, started by the Danish Ombudsman attests.75
The Commission Recommendation on measures to effectively tackle illegal con-
tent online provides some assistance. It includes some provisions to encourage
cooperation between hosting services and member states. In particular, it provides
for the creation of fast track procedures to process notices submitted by competent
authorities, which could include consumer protection agencies.76 Besides, the
Recommendation encourages that ‘Member States establish legal obligations for
hosting service providers to promptly inform law enforcement authorities, for the
purposes of the prevention, investigation, detection or prosecution of criminal
offences, of any evidence of alleged serious criminal offences involving a threat to
the life or safety of persons obtained in the context of their activities for the removal
or disabling of access to illegal content, in compliance with the applicable legal
requirements, in particular regarding the protection of personal data protection,
74
Parliament UK (2014).
75
Consumers International (2017).
76
C (2018)1177 final, p. 13.
including Regulation (EU) 2016/679’.77 This could without a doubt include some
consumer protection legislation. Finally, the Recommendation also considers coop-
eration with what are called ‘trusted flaggers’ as well as between hosting services.
It is also important to reflect on influencing social media platforms to ensure
conformity to a high level of consumer protection. This is a place where consumer
associations and enforcers, in particular, can play an important part by monitoring
the market place and uncovering bad practices and alerting the public and enforce-
ment authorities. Doing so and changing the practices in place can also have an
important ripple effect. Smaller platforms tend to mimic larger ones and the spread-
ing of best practices ought to have a positive impact. For this, a positive relationship
between enforcers, consumer associations and platforms is key. Platforms could
also be asked to inform consumers on the potential dangers of using their intermedi-
ary to make purchases. The practices identified via the tools described above could
help platforms target areas where consumers clearly would need more information
(alongside themselves taking action to neutralise users who are using their plat-
forms for scams or poor practices). Equally, enforcers and other stakeholders ought
to reflect on how best to use social media to communicate about consumer rights
and ensure wide spread information.
4.4 International Enforcement Efforts
There are here two main aspects to consider: scams on the one hand and unfair
practices or poor retail practices on the other. There is a difference because scam-
mers have malicious intent, whereas perpetrators of unfair commercial practices
may not reach the bar for criminal prosecution, but the practices are nevertheless
caught by the law.
Responses to be brought concerning sales that require general redress (e.g. satis-
factory quality issue and other problems falling under Sales of Goods Act or equiva-
lent legislation, breach of contract, etc.) also need some attention but are normally
within the realm of direct negotiation or use ADR/ODR as well as courts as redress
mechanisms. Because the operation of the courts, ADR/ODR systems or direct
negotiation between parties, is much broader than the scope of this chapter, they
will not be discussed here. Satisfactory protection however can only be achieved if
such solutions are easily available to consumers and are affordable.
To solve the most excessive practices noted to take place on social media, inter-
national cooperation is paramount. In Europe, the forthcoming CPC Regulation
promises to drastically improve how national enforcers cooperate. This is essential
because scammers, in particular, have a habit to target jurisdictions they are far
removed from to avoid detection and prosecution. Criminal prosecution is notably
difficult across borders and often this discourages enforcement authorities to act
because of costs and the difficulties to gain enforcement. Similarly, enforcing unfair
77
Ibid.
342 C. Riefa
commercial practices is equally difficult across borders. To be most effective, legis-

lation dealing with unfair commercial practices does therefore need to be able to
catch practices originating beyond the borders of a particular state. In the EU, the
unfair commercial practices Directive can feasibly apply beyond the EU borders
and Member States lines. This is because, Article 6(1) of Regulation No 864/2007
on the law applicable to non-contractual obligations (Rome II) states: ‘The law
applicable to a non-contractual obligation arising out of an act of unfair competi-
tion shall be the law of the country where competitive relations or the collective
interests of consumers are, or are likely to be, affected.’ Thus, the Commission
Guidance states that when those conditions are fulfilled, e.g. if misleading advertis-
ing is targeted to the EU consumers and this harms the collective interests of the EU
consumers, the UCPD will be applicable.’78
Networks of enforcers, with adequate training to detect unfair practices and
scams on social media sites and legislation at their disposal enabling them to act are
therefore key ingredients to ensure consumers are protected. This may require that
existing networks (ICPEN, for example, as well as regional networks) lend a hand
to train and share best practices with countries where there is a need. Consumer
associations can also assist consumers in countries where they have some powers to
do so, for example, through bad publicity for platforms that allow such practices, as
well as enforcement via representative actions.
5 Conclusion
Social commerce is developing and could become the next big thing providing pay-
ment system solutions, and technological tools can provide a seamless experience
to users. Social commerce is also bringing its own set of challenges, including the
size of the medium used to consult social media sites (more often on mobile phones
than on PCs) and the community feel it creates. This impacts on the way users inter-
act and place their trust in a retail relationship. Current consumer protection legisla-
tion goes some way to provide consumers with rights should a transaction go wrong
or an advert prove misleading. However, it does not yet fully cater for social com-
merce and leaves some gaps. The growth of social media scams and the role of
social influencers are two key trends that show the dangers of social media. Those,
as well as challenges relating to buying and selling on social media platform, would
be best tackled by ensuring social media platforms are willing to self-regulate and
impose standards that are conducive of trust. Failing this, it seems inevitable that the
question of the platforms’ liability will need revisiting. The Commission
Recommendation from March 2018 paves the way for better consumer law enforce-
ment on social media (and other online) platforms but it is unlikely to yield the
78
SWD (2016) 163 final. However, enforcement is likely going to be expensive unless the countries
in which the perpetrators are established have reciprocal arrangements with the country where
consumer harm is detected.
expected results in the immediate future as it lacks binding force. As a reform of the
e-commerce directive is unlikely in the near future, it leaves enforcement as the
primary tool to protect consumers. The limitations of ADR, as well as access to
court, have been well documented. They will remain an obstacle to consumer pro-
tection in social commerce given the often-transnational nature of the relationships
formed by the consumer. This means that public enforcement is the best tool to
achieve better consumer protection in social commerce. Much improvements are
necessary to improve the enforcement machinery especially across border and
improve the technical capabilities of enforcers. However, it is not out of reach and
the recent Cambridge Analytica scandal and the rising profile of scams and social
media influencers problem may well have given sufficient impetus to move towards
higher expectations being placed on platforms.79
References
Alba D (2016) Get ready to buy stuff straight through Instagram. Wired. https://www.wired.
com/2016/11/get-ready-buy-stuff-straight-instagram/
Api2cart (2016). https://api2cart.com/ecommerce/social-commerce-end-2016-trends-statistics/
ASA (2013) Nike UK Ltd (4 September 2013). https://www.asa.org.uk/rulings/nike-uk-ltd-
a13-229986.html
ASA (2016) Alpro (UK) Ltd (21 September 2016). https://www.asa.org.uk/rulings/alpro-uk-ltd-
a16-344134.html
BEUC, Vzbv (2017) The challenge of protecting EU consumers in online global markets. https://
www.vzbv.de/sites/default/files/downloads/2017/11/08/17-11-08_brochure-vzbv-beuc-lr3.pdf
CG v Facebook Ireland Ltd and Joseph McCloskey [2016] NICA 54
Chen Y (2016) Why buy buttons on Pinterest and Instagram haven’t taken off for retailers.
Digiday. https://digiday.com/media/buy-buttons-pinterest-instagram-havent-taken-off-retail-
ers/
CJEU, Asociación Profesional Élite Taxi v Uber Systems Spain SL, Case C 434/15, judgement of
20 December 2017
CJEU, Bond van Adverteerders and Others v. The Netherlands State, Case C 352/85, judgement
of 26 April 1998
CJEU, Google France SARL, Google Inc v Louis Vuitton Malletier SA, Case C236/08, Judgment
of 23 March 2010
CJEU, Google France SARL, Google Inc v Viaticum SA, Luteciel SARL, Case 237/08, Judgement
of 23 March 2010
CJEU, Google France SARL v Centre National de Recherche en relations humaines (CNRHH)
SARL, Pierre Alexis Thonet, Bruno Raboin, Tiger SARL, Case C238/08, judgement of 23
March 2010
CJEU, L’Oréal SA and Others v eBAy International AG and Others, Case C 324/09, judgement of
12 July 2011
CMA (2015) Online reviews and endorsements: report on the CMA’s call for information CMA41
CMA (2016a) Open letter guidelines. https://www.gov.uk/government/uploads/system/uploads/
attachment_data/file/545227/An_open_letter_to_marketing_departments_marketing_agen-
cies_and_their_clients.pdf
79
Siciliani et al. (2019) who advocate the creation of a general and positive duty to trade fairly.
344 C. Riefa
CMA (2016b). Social Chain (11 August 2016). https://www.gov.uk/cma-cases/

non-disclosure-of-paid-endorsements-social-media
Consumers International (2017) How can we better protect consumers in a glo-
balised digital world. http://www.consumersinternational.org/news-resources/blog/
posts/20170704-how-can-we-better-protect-consumers-in-a-globalised-digital-world/
Consumers International (2019) Social Media Scams: understanding the consumer experience
to create a safer digital world. https://www.consumersinternational.org/media/293343/social-
media-scams-final-245.pdf
Digital, Culture, Media and Sports Committee (2019) Disinformation and Fake News.
https://www.parliament.uk/business/committees/committees-a-z/commons-select/
digital-culture-media-and-sport-committee/inquiries/parliament-2017/fake-news-17-19/
European Commission (2018) Behavioural study on advertising and marketing practices in online
social media, Final report. https://ec.europa.eu/info/sites/info/files/osm-final-report_en.pdf
European Commission (June 2014) DG Justice Guidance on the Consumer Rights Directive.
https://ec.europa.eu/info/sites/info/files/crd_guidance_en_0.pdf
European Commission, Communication on Online Platforms and the Digital Single Market
Opportunities and Challenges for Europe, COM (2016) 288 final
European Commission, Communication on Tackling Illegal Content Online – Towards an
Enhanced Responsibility of Online Platforms, COM (2017) 555 final
European Commission Press Release (2017) The European Commission and Member States con-
sumer authorities ask social media companies to comply with EU rules. http://europa.eu/rapid/
press-release_IP-17-631_en.htm
European Commission Press Release (2018) A new deal for consumers: commission strengthens
EU consumer rights and enforcement. http://europa.eu/rapid/press-release_IP-18-3041_en.htm
European Commission, Recommendation on measures to effectively tackle illegal con-
tent online, C (2018) 1177 final. https://ec.europa.eu/digital-single-market/en/
illegal-content-online-platforms
European Commission Staff Working Document, Guidance on the implementation/application of
Directive 2005/29/EC on Unfair Commercial Practices SWD (2016) 163 final
European Data Protection Supervisor (March 2017) Opinion 4/2017, on the proposal for a Directive
on certain aspects concerning contracts for the supply of digital content. https://edps.europa.eu/
sites/edp/files/publication/17-03-14_opinion_digital_content_en.pdf
European Parliament (2017) Resolution of 15 June 2017 on Online Platforms and the Digital
Single Market. 2016/2276(INI). http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//
EP//NONSGML+TA+P8-TA-2017-0272+0+DOC+PDF+V0//EN
European Parliament (2018) Briefing modernisation of EU consumer protection rules. http://www.
europarl.europa.eu/RegData/etudes/BRIE/2018/623547/EPRS_BRI(2018)623547_EN.pdf
Evans PC, Gawer A (2015) The rise of the platform enterprise, a global survey. The Centre for
Global Enterprise. http://thecge.net/wp-content/uploads/2016/01/PDF-WEB-Platform-
Survey_01_12.pdf
Forbrukertilsynet (2018) The Consumers’ Authority’s guidance on labelling adver-
tising in social media. https://www.forbrukertilsynet.no/english/guidelines/
the-consumer-ombudsmans-guidance-on-labelling-advertising-in-social-media
FTC (2013) Guidelines. https://www.ftc.gov/sites/default/files/attachments/press-releases/ftc-
staff-revises-online-advertising-disclosure-guidelines/130312dotcomdisclosures.pdf
Gibreel, Alotaibi, Altmann (2018) Social commerce development in emerging markets. Electron
Commer Res Appl 27:152
House of Lords (2016) Select Committee on European Union, Online Platforms and the Digital
Single Market (HL Paper 129)
Huang Z, Benyoucef M (2017) The effects of social commerce design on consumer purchase
decision-making: an empirical study. Electron Commer Res Appl 25:40
ICPEN (2019) Initiatives. https://www.icpen.org/initiatives
J20 v Facebook Ireland Ltd[2016] NIQB 98
Liang, Turban (2011) An introduction to the special issue on social commerce: a research frame-
work for social commerce. Int J Electron Commer 16(2):5–13
Micklitz H-W, Pałka P, Panagis Y (2017) The Empire strikes back: digital control of unfair terms
of online services. JCP 40(3):367–388
OECD (2016) Protecting consumers in peer platform markets, exploring the issues, 2016 Ministerial
meeting on the digital economy, Background report. OECD Digital Economy Papers no. 253
OFCOM (2017) Communication Market Report 2017, United Kingdom. https://www.ofcom.org.
uk/__data/assets/pdf_file/0017/105074/cmr-2017-uk.pdf
Parliament UK (2014) Communications Committee, Social media and criminal offences. https://
publications.parliament.uk/pa/ld201415/ldselect/ldcomuni/37/3704.htm
Riefa C (2015) Consumer protection and online auction platforms, towards a safer legal frame-
work. Ashgate, Farnham
Riefa C, Clausen L (2019) Online reviews: the new deal is missing the mark on the control of
digital influencers’. EuCML 8(2): 64-74
Riefa C, Markou C (2014) Online marketing: advertisers know you are a dog on the Internet!
In: Savin A, Trzaskowski J (eds) Research handbook on EU Internet law. Edward Elgar,
Cheltenham
Riefa C, Mo JYC (2016) Mind the gap: modelling the liability of online auction intermediaries and
market places in Hong Kong on the EU regime. Chin J Comp Law:1–26
Scamwatch (2018). https://www.scamwatch.gov.au/about-scamwatch/scam-statistics
Siciliani P, Riefa C, Gamper H (2019) Consumer theories of harm – an economic approach to
consumer enforcement and policy making. Hart, Oxford
Statista (2017). https://www.statista.com/statistics/250909/brand-engagement-of-us-online-
shoppers-on-pinterest-and-facebook/
Statista (2019a). https://www.statista.com/statistics/278414/number-of-worldwide-social-
network-users/
Statista (2019b). https://www.statista.com/statistics/271406/advertising-revenue-of-social-
networks-worldwide/
Symantec (2016) ISTR 21:30
TNO (2015) Digital platforms: an analytical framework for identifying and evaluating policy
options. TNO 2015 R11271. https://www.rijksoverheid.nl/documenten/rapporten/2015/11/09/
digital-platforms-an-analytical-framework-for-identifying-and-evaluating-policy-options
Trzaskowski J (2011) User-generated marketing – legal implications when word-of-mouth goes
viral. Int J Law Inf Technol 19:8
Weichel A (2017) Top scams of 2016 include fake endorsements from online ‘influencers’.
http://bc.ctvnews.ca/top-scams-of-2016-include-fake-endorsements-from-online-influenc-
ers-1.3307091
Yang, Li, Kim (2015) Social shopping website quality attributes increasing consumer participa-
tion, positive eWOM, and co-shopping: the reciprocating role of participation. Retail Consum
Serv 24:1–9
Chapter 16
The 2018 New Deal on Better Enforcement
and Modernisation of EU Consumer Law:
An Actually Good Digital Deal?
Thalia Prastitou Merdi
Abstract As part of its ‘New Deal for Consumers’, the European Commission
brought forward, on 11 April 2018, a legislative package comprising of two propos-
als for directives encompassing substantial reforms in the area of consumer law. The
first is a proposal for a directive on better enforcement and modernisation of
European Union consumer protection rules. What is really interesting to note is that
although this proposal forms part of the “New Deal”, it is not bringing forward
purely new legislation but instead amendments to already established EU consumer
protection rules that, according to the Commission, are essential for adjusting these
legislative documents to the development of the digital sphere. After providing
some background information, this chapter proceeds to an analysis of the four fun-
damental changes brought forward by the Proposal aiming to shed light on the ques-
tion of whether it improves or not the substance of EU consumer protection
legislation. These changes are consumer access to individual remedies for unfair
commercial practices, simplifications for businesses, transparency requirements for
online marketplaces and the addition of ‘free’ digital services to the scope of the
Consumer Rights Directive. This chapter concludes its analysis by answering the
question of whether this Proposal forms, after all, a good or a bad digital deal.
1 I ntroduction: An Amending Proposal Rather Than

a Brand New Legislative Initiative
As part of its ‘New Deal for Consumers’ (New Deal), the European Commission (or
Commission) brought forward, on 11 April 2018, a legislative package comprising
of two proposals for directives encompassing substantial reforms in the area of con-
sumer law. The first, and the topic of this chapter, is a proposal for a directive on
better enforcement and modernisation of the European Union (EU) consumer
T. Prastitou Merdi (*)
European University Cyprus, Nicosia, Cyprus
e-mail: T.Prastitou@euc.ac.cy

https://doi.org/10.1007/978-3-030-25579-4_16
348 T. Prastitou Merdi
protection rules1 (the Proposal), containing substantive law improvements, brought

forward in particular in light of developments in the digital sphere.2 The second one
is a proposal, of a procedural law character, for a directive on representative actions
for the protection of the collective interests of consumers replacing Directive
2009/22/EC.3
Both proposals follow up on the REFIT Fitness Check of EU consumer and mar-
keting law (REFIT)4 and the evaluation of Directive 2011/83/EU (CRD evaluation)5
published together on 23 May 2017. Although both reports concluded that the sub-
stantive consumer protection provisions of the Directives examined are overall fit
for purpose, some of their aspects could benefit from improved enforcement and
modernisation. Secondly, the proposals respond to recent large-scale abusive prac-
tices, such as the Dieselgate scandal, that “sparked a debate about whether the EU
has strong enough mechanisms in place to handle such issues, namely to effectively
enforce consumer protection rules and provide redress to harmed consumers”6 or
the widespread use of unfair contract terms in mortgage contracts by banking
institutions.
What is really interesting to note is that although the Proposal forms part of the
“New Deal”, it is not bringing forward purely new legislation but instead amend-
ments to already established EU consumer protection rules. More specifically, the
Proposal includes amendments to four different directives, these being the Unfair
1
Proposal for a Directive of the European Parliament and of the Council as regards better enforce-
ment and modernisation of EU consumer protection rules COM (2018) 185 final.
2
What shall be noted is that although, in the context of the ordinary legislative procedure, in
January 2019 the European Parliament Internal Market and Consumer Protection (IMCO)
Committee adopted its report on the Proposal, this chapter and the analysis found herein is focussed
solely on the Commission Proposal of April 2018 as it appeared up to March 2019.
3
Proposal for a Directive of the European Parliament and of the Council on representative actions
for the protection of the collective interests of consumers and repealing Directive 2009/22/EC
COM (2018) 184 final.
4
European Commission (2017), Commission Staff Working Document, Report of the Fitness
Check on Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005
concerning unfair business-to-consumer commercial practices in the internal market and amending
Council Directive 84/450/EEC, Directives 97/7/EC, 98/27/EC and 2002/65/EC of the European
Parliament and of the Council and Regulation (EC) No 2006/2004 of the European Parliament and
of the Council (‘Unfair Commercial Practices Directive’); Council Directive 93/13/EEC of 5 April
1993 on unfair terms in consumer contracts; Directive 98/6/EC of the European Parliament and of
the Council of 16 February 1998 on consumer protection in the indication of the prices of products
offered to consumers; Directive 1999/44/EC of the European Parliament and of the Council of 25
May 1999 on certain aspects of the sale of consumer goods and associated guarantees; Directive
2009/22/EC of the European Parliament and of the Council of 23 April 2009 on injunctions for the
protection of consumers’ interests; Directive 2006/114/EC of the European Parliament and of the
Council of 12 December 2006 concerning misleading and comparative advertising, SWD (2017)
209 final.
5
Report from the Commission to the European Parliament and Council on the application of
Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on con-
sumer rights COM (2017) 259 final.
6
Ibid, pp. 2–3.
16 The 2018 New Deal on Better Enforcement and Modernisation of EU Consumer… 349
Commercial Practices Directive (UCPD),7 the Consumer Rights Directive (CRD),8

the Unfair Contract Terms Directive (UCTD)9 and the Price Indication Directive
(PID).10 It “covers a range of slightly unrelated topics”11 including inter alia traders’
penalties for widespread cross-border infringements, consumers’ right to individual
remedies, transparency for consumers on online marketplaces and protection in
respect of free digital services, as well as flexibility for businesses regarding with-
drawal rights. What must be made clear is that apart from the provision for penalties
for widespread cross-border infringements, that is proposed to be applied to all four
concerned directives, the rest of the amendments included in the Proposal affect
solely the UCPD and the CRD.
According to the Commission, these updates are essential as, apart from the need
for better application and enforcement, as well as a need for reducing regulatory
burdens in some areas, there is a need for modernisation of these rules in line with
the development of the digital sphere.12 In relation to the latter need, one must not
forget that all of the above directives constitute horizontal pieces of legislation,
rather than sector specific, and, apart from the CRD, they do not distinguish between
online or offline environments. Therefore, although in theory they “deal with new
problems even if they were adopted before the age of e-commerce kicked in”,13 their
application to contractual disputes arising in an online environment is not as unprob-
lematic as it seems, and could consequently benefit from some of their provisions
being brought into line with the uniqueness of the digital era.
Looking at this Proposal one may wonder, inter alia,14 does it bring forward
viable amendments that respond to the present needs of consumer contracting espe-
cially in the digital sphere? Are these enough? Does it therefore form an actually
good digital deal? After providing a brief account of the REFIT and CRD evaluation
as well as a rapid overview of the Dieselgate scandal by way of background, this
chapter attempts to answer these questions focusing on the four fundamental
changes brought forward by the Proposal affecting online consumer contracts.15
7
Directive 2005/29/EC of the European Parliament and Council of 11 May 2005 concerning unfair
business-to-consumer commercial practices in the internal market, OJ L 149/22.
8
Directive 2011/83/EU of the European Parliament and Council of 25 October 2011 on consumer
rights, OJ L 304/64.
9
Council Directive 93/13/EC of 5 April 1993 on unfair terms in consumer contracts, OJ L 95/29.
10
Directive 98/6/EC of the European Parliament and of the Council of 16 February 1998 on con-
sumer protection in the indication of the prices of products offered to consumers, OJ L 80/27.
11
Šajn (2018), p. 2.
12
COM (2018) 185 final, p. 1.
13
SWD (2017) 209 final, p. 76.
14
Another question could be whether the proposed amendments respond fully to the findings of the
two evaluation reports.
15
The changes discussed affect either solely online consumer contracts or both online and offline
consumer contracts.
2 Background: How Did We Get Here?
2.1 The REFIT and the CRD Evaluation
Back in 2013, the European Commission announced, in its 2013 Regulatory Fitness
and Performance (REFIT): Results and Next Steps Communication,16 its intention
to undertake a fitness check of legal acts related to consumer rights and advertising.
The detailed scope of this exercise was set up in a Roadmap17 published in December
2015 and included six directives, these being the UCPD, the UCTD, the PID, the
Consumer Sales Directive,18 the Misleading and Comparative Advertising Directive19
and the Injunctions Directive.20 The REFIT check aimed to evaluate whether these
six directives remained fit for purpose based on five criteria: these being effective-
ness, efficiency, coherence, relevance and EU added value. Additionally, based on
the same Roadmap a separate evaluation was going to take place, in parallel, regard-
ing the CRD, in accordance to its Article 30.
Both evaluations reports were published together on 23 May 2017.21 Although
both evaluations concluded that substantive EU consumer rules, found in all seven
directives, were overall fit for purpose and had positively contributed to the func-
tioning of the business-to-consumer internal market providing a high level of con-
sumer protection, some of their provisions could benefit from improved enforcement
and modernisation to adjust to the developments of the digital sphere.
The REFIT evaluation report “found that further improving the overall effective-
ness, efficiency and coherence of the six Directives [concerned] requires three
strands of action: 1) ensuring that not only consumers, traders and their associa-
tions, but also judges and other legal practitioners, have better knowledge of all
rights and duties under this part of EU consumer and marketing law; 2) ensuring
stepped-up enforcement and easier redress when the substantive law provisions in
question are breached; 3) considering targeted amendments to simplify the regula-
tory landscape where this is fully justified”.22 In relation to the second and third
16
Economic and Social Committee and the Committee of the Regions Regulatory Fitness and
Performance (REFIT): Results and Next Steps, COM(2013) 685 final.
17
http://ec.europa.eu/smart-regulation/roadmaps/docs/2016_just_023_evaluation_
consumer_law_en.pdf.
18
Directive 1999/44/EC of the European Parliament and Council of 25 May 1999 on certain
aspects of the sale of consumer goods and associated guarantees OJ L 171/12.
19
Directive 2006/114/EC of the European Parliament and of the Council of 12 December 2006
concerning misleading and comparative advertising, OJ L 376/21.
20
Directive 2009/22/EC of the European Parliament and of the Council of 23 April 2009 on injunc-
tions for the protection of consumers’ interests OJ L 110/30.
21
Supra n 4, n 5.
22
Commission Staff Working Document Executive Summary of the Fitness Check on Directive
2005/29/EC of the European Parliament and of the Council of 11 May 2005 concerning unfair
business-to-consumer commercial practices in the internal market and amending Council Directive
strands of action, which are mostly related to the topic of this chapter, the
Commission suggested the need to work on the lack of direct consumer rights under
the UCPD to individual remedies, the need to strengthen the level of penalties for
breaches of EU consumer law, as well as the need to reduce some of the information
requirements provided in the UCPD as they are duplicated in the CRD.
Furthermore, the CRD evaluation suggested, inter alia, that “targeted legislative
interventions could help streamline and clarify the application of the Directive. In
particular, it should be considered to extend the scope of the Directive to digital
service contracts provided without the payment of a price and to provide further
clarification concerning the rules applicable to digital content contracts, as well as
introducing transparency requirements for online intermediaries.”23 Following the
release of its reports, the Commission ran a public consultation from June to October
2017 “to gauge public opinion on a range of issues. The results of this consultation
fed into what was announced as the “New Deal” Package in April 2018”.24
2.2 The Dieselgate Scandal
Furthermore, apart from the consumer acquis evaluations, back in autumn 2015, the
United States Environmental Protection Agency reported that Volkswagen (VW)
had installed illegally in 482,000 cars, sold in America in 2009,25 a “defeat device”,
practically a software, in diesel car engines. This software installed assisted these
cars in meeting exhaust pollution standards when monitored in tests but in reality
their emissions exceeded by far the pollution limits. VW then admitted that about 11
million cars worldwide, including eight million in Europe, were fitted with this
84/450/EEC, Directives 97/7/EC, 98/27/EC and 2002/65/EC of the European Parliament and of
the Council and Regulation (EC) No 2006/2004 of the European Parliament and of the Council
(‘Unfair Commercial Practices Directive’); Council Directive 93/13/EEC of 5 April 1993 on unfair
terms in consumer contracts; Directive 98/6/EC of the European Parliament and of the Council of
16 February 1998 on consumer protection in the indication of the prices of products offered to
consumers; Directive 1999/44/EC of the European Parliament and of the Council of 25 May 1999
on certain aspects of the sale of consumer goods and associated guarantees; Directive 2009/22/EC
of the European Parliament and of the Council of 23 April 2009 on injunctions for the protection
of consumers’ interests; Directive 2006/114/EC of the European Parliament and of the Council of
12 December 2006 concerning misleading and comparative advertising. {SWD (2017) 209 final},
SWD(2017) 208 final, p. 4.
23
Commission Staff Working Document Executive Summary of the Evaluation accompanying the
document Report from the Commission to the European Parliament and the Council on the appli-
cation of Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011
on consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the
European Parliament and of the Council and repealing Council Directive 85/577/EEC and
Directive 97/7/EC of the European Parliament and of the Council {COM(2017) 259 final}
{SWD(2017) 169 final}, SWD (2017) 170 final.
24
Twigg Flesner (2018), p. 3.
25
https://www.bbc.com/news/business-34324772.
so-called “defeat device”.26 Unsurprisingly, VW consumers triggered legal action

internationally, as well as in many EU Member States.27 However, unlike the US
VW consumers, the EU VW consumers were not able to recover damages even in
Member States that provided remedies for victims of unfair commercial practices as
these remedies are only contractual. Consequently, these remedies could only be
applied against the consumers’ contractual counterparts, which in this case were the
car dealers and not the car producers.28
2.3 Announcement of the New Deal
Considering the results of the aforementioned consumer acquis evaluations, as well

as thousands of unhappy VW EU customers, Commission President Jean-Claude
Juncker in his 2017 State of the Union address announced, within Priority 7 on an
area of Justice and Fundamental Rights based on mutual trust, a “New Deal for
Consumers’ package, aiming at facilitating coordination and effective action from
national consumer authorities at EU level and reinforcing public enforcement action
and better protection of consumer rights.”29
3 I nserted Consumer Protection Rules: Improving or Not

the Substance of EU Consumer Law?
Aiming to shed light on the question of whether this Proposal improves or not the
substance of EU consumer protection legislation, this chapter focuses on the four
fundamental changes30 brought forward by the Proposal affecting online consumer
contracts. These are consumer access to individual remedies for unfair commercial
26
Ibid.
27
Mak and Lujinovic (2019), p. 5.
28
COM(2018) 185 final, p. 13.
29
European Commission (2017) State of the Union 2017 by Jean-Claude Juncker, President of the
European Commission 13 September 2017 https://ec.europa.eu/commission/sites/beta-political/
files/state-union-2017-brochure_en.pdf.
30
Apart from the four main changes that will form the focus of analysis in this chapter, the Proposal
brings forward a new provision on penalties for widespread cross border infringements (to be
inserted in all four directives covered by the Proposal). Furthermore, in relation to the UCPD
solely it introduces, firstly, an amendment to Article 6(2) regarding misleading practices, making
it explicit that a commercial practice involving the marketing of a product as being identical to the
same product marketed in several other Member States, where those products have significantly
different composition or characteristics causing or likely to cause the average consumer to take a
transactional decision that he would not have taken otherwise, is a misleading commercial practice
and secondly an amendment to Articles 3(5) and (6) clarifying that Member States are not pre-
vented from adopting rules on certain forms and aspects of off-premises sales.
practices, simplifications for businesses, further transparency of online market-

places and lastly, the addition of free digital services to the scope of the CRD.
3.1 I ntroducing a Right to Individual Redress for Unfair

Commercial Practices: The Greatest Change of All?
Until now, under Article 11 of the UCPD, only courts and public authorities can
impose fines and stop unfair commercial practices by businesses. No provision for
individual remedies for consumers can be found within the directive. Interestingly,
although in the case of misleading practices for goods, the CSGD existing rules on
the lack of conformity apply for the legal guarantee period only, this protection is
limited as it does not apply to aggressive practices for goods or, more importantly,
services “for which the risk of misleading or aggressive behaviour is equally high,
if not higher”.31
In contrast to this limited provision, the Proposal introduces for the first time a
right of individual redress for unfair commercial practices. Under the proposed
Article 11A (1) “…Member States shall ensure that contractual and non-contractual
remedies are also available for consumers harmed by unfair commercial practices in
order to eliminate all the effects of those unfair commercial practices in accordance
with their national law”. More importantly, according to its next paragraphs “con-
tractual remedies shall include, as a minimum, the possibility for the consumer to
unilaterally terminate the contract” and “non-contractual remedies shall include, as
a minimum, the possibility of compensation for damages suffered by the
consumer”.
Reading this provision one must comment that, at first sight, this addition appears
to be an extremely positive amendment, improving, in general, the level of con-
sumer protection, and clarifying in general that consumers should be able to recover
for any losses they have suffered because of an unfair commercial practice.
Furthermore, such an addition reduces, in theory, the gap currently existing between
national law different provisions regarding this issue. What must be noted at this
point is that the REFIT check examined the possibility of introducing remedies for
consumers having suffered an individual detriment from unfair commercial prac-
tices. More importantly, significant divergences between national provisions were
actually revealed regarding this issue.32
31
European Commission (2018) Commission Staff Working Document Impact Assessment accom-
panying the document proposals for Directives of the European Parliament and of the Council (1)
amending Council Directive 93/13/EEC, Directive 98/6/EC of the European Parliament and of the
Council, Directive 2005/29/EC of the European Parliament and of the Council and Directive
2011/83/EU of the European Parliament and of the Council as regards better enforcement and
modernisation of the EU consumer protection rules and (2) on representative actions for the pro-
tection of the collective interests of consumers, and repealing Directive 2009/22/EC {COM(2018)
184 final}—{SWD(2018) 98 final}, SWD(2018) 96 final, Part 2/3, p. 55.
32
According to the REFIT evaluation check, “under the national law of all Member States, it
appears to be possible to rely on general contract law for remedies which consumers may invoke
Yet, reading this provision thoroughly, this appears to be a vague and complex
provision. Initially, the European Commission appears to do “little more than estab-
lish a basic principle, with Member States left to work out what could be very com-
plex rules”33 therefore following neither of the two options suggested by the REFIT
evaluation.34 More importantly, it leaves many questions unanswered as to the con-
tent and application of this provision.
Firstly, the wording of this provision appears to be quite problematic. By using
the phrase “contractual remedies shall include, as a minimum the possibility for the
consumer to unilaterally terminate the contract”, in paragraph 11a (2), the European
legislator appears to open up the question of what other contractual remedies might
then be included? Refund? Restitution? Mutual Restitution? Specific performance?
Similarly, the same question applies in paragraph 11a (3) which reads “non-
contractual remedies shall include, as a minimum the possibility of compensation
for damages suffered by the consumer”. Again, shall the national legislator include
injunctions? Specific restitution? Such a provision grants a lot of discretion to
Member States’ national legislators and courts, undoubtedly opening up in this way
the possibility for discrepancies at national level. Furthermore, should these reme-
dies be available to all types of unfair commercial practices? For example, accord-
ing to the UK Unfair Trading Regulations 2008, as amended in 2014, an individual
right to redress is available only in cases of a misleading or aggressive action rather
than in a case of misleading omission.
Furthermore, what do these remedies entail? For example, it is clear that the right
to unilaterally terminate the contract includes compensation for pecuniary damages
in all Member States’ national laws but what about non-pecuniary damages such as
distress, inconvenience or loss of enjoyment? Domestic legislations once again
diverge significantly on this issue.35 Apart from the content of these remedies, this
provision appears incomplete in relation to the conditions for the exercise of the
in courts. However…there is little national case-law providing a clear link between the remedies
derived from the general contract law doctrines in national law and the unfair commercial practices
as established in the UCPD. In addition, none of the Member States provide for the automatic trig-
gering of contractual remedies…[furthermore] in six Member States [Bulgaria, France,
Luxembourg, the Netherlands, Portugal and Slovakia] the existence of contractual remedies is
made more explicit…[while] three Member States — Belgium, Poland and the UK — provide for
special remedies specifically for breaches of the UCPD, which generally differ from the contrac-
tual remedies provided for other breaches of consumer law” SWD(2017) 209 final, p. 93.
33
34
These being either obliging in general Member States to introduce effective individual remedies
for breaches of the UCPD or providing a harmonised set of remedies within the UCPD.
35
For example in the UK, although the general rule according to the Addis v Grammophone, [1909]
AC 488, case the claimant cannot recover damages for injured feelings in a contractual action,
according to Farley v Skinner, [2002] 2 A.C. 732, “it is sufficient if a major or important object of
the contract is to give pleasure, relaxation or peace of mind” In Greek law, under Article 299 of the
Greek Civil Code (GCC) “compensation for immaterial damages cannot be awarded unless a legal
provision explicitly permits such type of damages”. This is permitted in only two cases; firstly, in
a tort/delict action according to Article 932 of the GCC, and secondly, if there is a violation of
personality rights under Article 59 of the GCC.
rights contained therein such as how does a consumer terminate the contract? Is
there a time limit for the exercise of this right? Furthermore, “does this remedy have
retroactive effect? Is fault required”?36 This restricted approach is additionally
strange if one takes a look at the 2015 Proposal for a Directive the Supply of Digital
Content (pDCD)37 where the European legislator had in contrast provided greater
detail in Articles 13 and 16 on how to terminate a contract and how to terminate a
long-term contract accordingly.
3.2 A
mending the Right of Withdrawal: Watering Down
Protection?
One of the most important regulatory mechanisms enjoyed by consumers in the EU,
through Article 9 of the CRD, is the well-known right of withdrawal ascribing to
consumers, save for where the exceptions of Article 16 apply, the option, within 14
days, to change their mind and withdraw freely from a contract they have con-
cluded, either in a distance (i.e. online or through the phone) or off premises without
bearing any negative consequences. Through this right, “consumer contract law
derogates from pacta sunt servanda and instead provides an advanced level of pro-
tection for consumers in their relationship with traders. The purpose of the right is
to contribute to the equality of the contractual parties”.38 That is why 95% of con-
sumers in the EU find this right important.39
Interestingly, following up on one of the CRD Report recommendations that aim
to reduce burdens for businesses,40 the Proposal changes this important consumer
right in two significant ways.
3.2.1 Goods Handled More Than Necessary
Initially, the Proposal adds another exception to Article 16, in new paragraph (n),
which reads that a right of withdrawal shall not be provided in cases where the con-
sumer has handled the goods, during the right of withdrawal period, “other than
what is necessary41 to establish the nature, characteristics and functioning of the
goods”. Reading this provision although, on the one hand, one realises that the
36
Loos (2019), p. 117.
37
cerning contracts for the supply of digital content, COM (2015) 634 final.
38
Durovic and Micklitz (2017), pp. 47–48.
39
European Commission (2017) Study on the application of the Consumer Rights Directive
2011/83/EU, p. 160. ec.europa.eu/newsroom/document.cfm?doc_id=44637.
40
European Commission (2017) Commission Staff Working Document, Evaluation of the
Consumer Rights Directive SWD(2017) 169 final, p. 58.
41
Emphasis added.
Commission proceeds to proposing such a change to eliminate small and medium-

sized businesses annual losses caused by the current obligation to accept such
‘unduly tested goods’,42 on the other, this new exception as it currently stands, can
be regarded as far from clear and unambiguous.
This new exception will take over the current rule in Article 14(2) of the CRD
according to which “the consumer shall only be liable for any diminished value of
the goods resulting from the handling of the goods other than what is necessary43 to
establish the nature, characteristics and functioning of the goods”. Although this
new rule will eliminate, according to the Commission, “difficulties for traders who
are required to assess the ‘diminished value’ of the returned goods and to resell
them as second-hand goods or to discard them” in reality the main definitional dif-
ficulty regarding the phrase “other than what is necessary” remains intact. As Rott
puts it, in the context of Article 14(2), “the crucial question is: when does testing
end and use begin”?44 The answers to these questions were not, and are not, always
clear. For example, although washing a newly bought dress to check whether it is
comfortable would be clearly regarded as “other than what is necessary in order to
establish the nature, characteristics and functioning of the good”, the same clear cut
answer might not be given in the case of a recipe book where the consumer has tried
on the first one or two recipes to see whether he/she likes the chef’s style.
Furthermore, the ‘tip’ given by the Commission within the Explanatory
Memorandum of the Proposal on the fact that the consumer will be solely allowed
to try out the good in the same way he could have done in a brick-and-mortar shop45
is not always helpful. As Loos interestingly asks “can the consumer be considered
to be testing or using a computer if, in order to see whether it meets her expecta-
tions, she starts it and is prompted to install it before she can try it out? By the time
she can, several files will have been automatically installed and a ‘personal profile’
will have been created on the computer. The comparison with what the consumer
would do with the computer in a brick-and-mortar store does not help us here, as
then the computer will already have been unpacked and installed. The proposed
amendments to the CRD do nothing to solve this matter”.46 As Advocate General
Trstenjak highlighted in the landmark Messner47 case, commenting on a similar
provision found in the Draft Common Frame of Reference,48 such legislative provi-
sions “lead to complex problems of distinguishing between inspection or testing
and use, which are detrimental to legal certainty and can ultimately mean that pur-
chasing by distance selling is less attractive to consumers”.
42
COM(2018) 185 final, p. 15.
43
Emphasis added.
44
Rott (2010), p. 190.
45
COM(2018) 185 final, p. 3.
46
Loos (2019), p. 119.
47
ECJ, Pia Messner v Firma Stefan Krüger, Case C-489/07, Advocate General Trstenjak opinion
of 18 February 2009, par. 85.
48
Von Bar et al. (2008), see specifically Article II.-5:105(4).
Considering the importance of the amendment proposed on this rule, one may
argue that the ambiguous content of this phrase will not erase any of the difficulties
currently existing as this problematic phrase, “other than what is necessary”,
remains untouched, but will more importantly open even further the possibility for
abuse by the trader because of the consumer’s weaker position. As Loos explains,
“the problem is that when a trader after inspection argues that the goods have been
used, the consumer no longer in a position is to prove otherwise as the trader already
has acquired possession of the goods. An unwilling trader would thus be able to
deprive a consumer from her right of withdrawal even though she would be entitled
to withdraw from the contract”.49 More importantly, as Advocate General Trstenjak
highlighted “the fear of abuse by individuals must not generally result in the protec-
tion of rights guaranteed under Community law being restricted for everyone”.50
Furthermore, one could comment on the nature of this new exception. The 13
exceptions currently found in Article 16 can be seen as quite specific and, according
to both the Court of Justice of the European Union51 and the Commission,52 should
be interpreted quite narrowly as the aim of the directive is to ascribe to consumers
in most instances of distance or off premises contracts the right of withdrawal as
being the most important consumer right aiming to ensure that a fair and balanced
contract is concluded.53 Therefore, one could ask how easily this new vague excep-
tion could fit in this narrow interpretative approach.
Additionally, one could ask why such a problematic change is actually required
considering that Article 14(2), as it currently stands, actually serves cases of exces-
sive use as it allows traders in cases of destruction of a good because of improper
use to retain 100% of the purchase where the good cannot be resold.54 Its current
wording can be seen, at least in theory, as striking a good balance between the inter-
ests of the trader and those of the consumer.55
49
Loos (2019), p. 119.
50
Supra n 47, par. 90.
51
See, for example, CJEU, E. Friz GmbH v Carsten von der Heyden, Case C-215/08, Judgment of
15 April 2010, para 32: “In this connection, it should first be observed that it is settled case-law that
derogations from the rules of European Union law for the protection of consumers must be inter-
preted strictly (see, inter alia, Case C-481/99 Heininger [2001] ECR I-9945, paragraph 31)”.
52
European Commission (2014), DG Justice Guidance Document concerning Directive 2011/83/
EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amend-
ing Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the
Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European
Parliament and of the Council, https://ec.europa.eu/info/sites/info/files/crd_guidance_en_0.pdf.
53
Watson (2016), p. 244.
54
SWD(2018) 96 final, Part 1/3, p. 75.
55
The Federation of German Consumer Organisations in its report (Federation of German
Consumer Organisations 2018, p. 10) brought forward interesting ways of preventing the abuse of
right of withdrawal. More specifically, ”one possibility, for example, might be for clothing retailers
to put technical safeguards in place that allow the goods to be tried on, but only worn if clearly
visible labels or similar are removed first. The removal of such a protective device would invalidate
the right to withdrawal. Similar measures could be used for technical devices such as televisions,
which would initially be supplied in a restricted test mode. Active steps would be required to acti-
Lastly, apart from these definitional difficulties, various practicalities on the

exercise of this right remain unanswered as well. The Proposal neither provide any
guidance as to who will bear the cost for the second delivery, back to the consumer,
if the seller decides that the good returned falls within this new exception nor does
it explain what happens if the goods are, further, damaged or even lost during this
second delivery. Furthermore, although under Article 6(1)(k) of the CRD, the trader
shall inform the consumer, inter alia, of the circumstances, where applicable, under
which the latter loses his right of withdrawal, no explanation is given as to what
happens if the consumer is not informed about this possible loss.
3.2.2 Timing of Reimbursement
Secondly, the Proposal amends Article 13(3) on the timing of the reimbursement in
the event of withdrawal. The new provision reads that “unless the trader has offered
to collect the goods himself, with regard to sales contracts, the trader may withhold
the reimbursement until he has received the goods back” thus, deleting the trader’s
obligation to reimburse the consumer even before the receipt of returned goods
provided that the latter has supplied sufficient evidence of proof of posting. This
new provision, in conjunction with the new Article 16 exception, will reduce dra-
matically the level of consumer protection as it will allow traders, having full con-
trol of the goods sent back, to reject much more often withdrawal requests.
Furthermore, this removal, in conjunction with the gap found within the CRD as to
who bears the risk for the return of the goods, and the danger of returned goods
being damaged during delivery will reduce even more the level of consumer protec-
tion, discouraging customers from exercising their right of withdrawal.
3.3 T
ransparency of Online Platforms: A Step in the Right
Direction?
In a digital era, consumers use excessively various online sale platforms, such as
eBay, Amazon, etsy, booking, to complete transactions quickly and efficiently.
When consumers proceed to a search query, the decisive factor for the results
appearing on the screen and the specific order in which these are appearing is one,
the algorithms used by the platform operator. Yet, consumers are unaware of this
specific information and may even believe that the ranking list is based on unbiased
criteria. For this reason, the Proposal brings forward amendments to both the CRD
and the UCPD in an attempt to improve the transparency of online platforms.
The Proposal amends paragraph 11 of the Annex of the UCPD, which encom-
passes the blacklist of commercial practices, to clarify that a commercial practice
vate the full functionality of the device, and the user would be warmed that by taking these steps,
they would lose their right of withdrawal”.
“providing information to a consumer’s online search query,56 to promote a product

where a trader has paid for the promotion without making that clear in the content
or search results57 or by images or sounds clearly identifiable by the consumer
(advertorial; paid placement or paid inclusion)”58 would be regarded per se as
unfair. This amendment can be regarded as a fundamental step forward in ensuring
transparency in a search query undertaken by a consumer. Yet, one could comment,
that this amendment is limited just to the factor of direct payment. Why not include
other factors that might have additionally an impact on the placement, such as the
possible commercial link between the platform operator and the trader of the good
or service? This is an issue that the European legislator must look at.
Apart from the UCPD, the Proposal brings forward a new article, Article 6a, in
the CRD regarding additional information requirements for contracts concluded on
“online marketplaces”. Before examining these additional information require-
ments, one shall have a look at the definition of the term “online marketplace”. What
does this term actually mean? Under Article 2(19) of the CRD, as added by the
Proposal, “‘online marketplace’ means a service provider which allows consumers
to conclude online contracts with traders and consumers on the online marketplace’s
online interface”. This can be seen as a quite problematic and complex definition.
This definition brings in another brand new term for the CRD, that of “online inter-
face”. According to the Proposal, in new Article 2(20) of the CRD, “‘online inter-
face’ means online interface as defined in point (16) of Article 2 of Regulation (EU)
2018/302”.59 Yet, one could ask how will the term “online interface”, encompassing
the term website, actually works, in parallel to the term “trading website” currently
found in the CRD?60 Furthermore, using the term “online marketplace” to define
what constitutes an “online marketplace” seems awkward. Additionally, one could
question whether the term “online marketplace” appears to be the appropriate one
for establishing transparency requirements for online sales at the EU level. This
notion seems quite restricted and does not seem to encompass other type of plat-
forms such as search engines or comparison tools. This is problematic as some
Member States, like France, have introduced more consumer friendly rules and this
EU amendment, considering especially its maximum harmonisation approach,
might “lead to a lowering of the level of protection for consumers that currently
exists in some Member States”.61
Furthermore, the additional information requirements, the Proposal brings for-
ward a list of four. These are “(a) the main parameters determining ranking of offers
56
Emphasis added.
57
Ibid.
58
Ibid.
59
According to this point “‘online interface’ means any software, including a website or a part
thereof and applications, including mobile applications, operated by or on behalf of a trader, which
serves to give customers access to the trader’s goods or services with a view to engaging in a trans-
action with respect to those goods or services”.
60
CRD, Article 8(3).
61
BEUC (2018), p. 4.
presented to the consumer as result of his search query on the online marketplace;
(b) whether the third party offering the goods, services or digital content is a trader
or not, on the basis of the declaration of that third party to the online marketplace;
(c) whether consumer rights stemming from Union consumer legislation apply or
not to the contract concluded; and (d) where the contract is concluded with a trader,
which trader is responsible for ensuring the application of consumer rights stem-
ming from Union consumer legislation in relation to the contract. This requirement
is without prejudice to the responsibility that the online marketplace may have or
may assume with regard to specific elements of the contract”. Reading these require-
ments one could easily claim that they form a good basis for strengthening transpar-
ency in online marketplaces. Yet, without doubt, these requirements can and shall be
improved.
In relation to Article 6a (a), one must comment that the term “main parameters”
used is vague and therefore problematic. What does this term actually encompass?
No examples can be found within the Proposal, in either an exhaustive or non-
exhaustive list. More importantly, the Proposal perplexes even further the meaning
of this term as Recital 19 states that “the obligation to provide information about the
main parameters determining ranking of search results is without prejudice to any
trade secrets regarding the underlying algorithms. This information should explain
the main default parameters used by the marketplace but does not have to be pre-
sented in a customized manner for each individual search query”. As Twigg Flesner
puts it “to some extent, this information requirement and the extended prohibition
in paragraph 11 of the UCPD discussed earlier would overlap – if a particular search
result is paid for, then this has to be disclosed under the latter provision”.62
In relation to the next requirement that deals with the status of the party offering
the goods, whether this is a trader depends solely on the declaration of this party.
Again, this rule appears problematic; one realises that the correctness of this infor-
mation depends solely on the goodwill of the third party to supply true information.
Yet, is this practically correct especially considering that the Proposal offers no
criteria in distinguishing between a trader and a non-trader, nor does it explain how
this declaration shall be practically applied? One could claim that this rule is dan-
gerous for two reasons. First, it will allow traders, acting on purpose, to make false
declarations. Experience has shown that various traders using collaborative econ-
omy platforms attempt to hide that they are professional traders.63 Yet, it will even
allow various others, acting unintentionally to proceed to incorrect declarations, as
it has been claimed, “the point at which the line is crossed and a private seller
62
63
Hotrec (2018), Hotrec in its position paper gives various examples of multiple listings with one
“host”. In page 2 of the Position Paper, it stated that “see for instance tourism accommodation
services offered through collaborative economy platforms, where multiple listings by traders are
common. E.g. on AirBnB, in Amsterdam, 20% of all listings are multiple listings, with 1 ‘host’ (in
reality a trader) having more than 100 apartments. In Athens and Brussels, respectively 42% and
36% of listings are multiple listings”.
engages in commercial dealing” is sometimes difficult to determine.64 More impor-

tantly, the Proposal does not explain what happens in case this third party makes a
false or incorrect declaration. Would the contract still be binding on the consumer?
Would it be possible for the consumer to sue for compensation? Furthermore, is
there any liability on behalf of the online platform operator? Quite recently in the
Wathelet65 case, the CJEU clarified that “the seller’s liability, in accordance with
Directive 1999/44, must be capable of being imposed on an intermediary who, by
addressing the consumer, creates a likelihood of confusion in the mind of the latter,
leading him to believe in its capacity as owner of the goods sold”. All these issues
need to be clarified.
On the requirement under Article 6a(c), one could question why this forms a
separate requirement and has not been instead inserted, as a second sentence, in
Article 6a(b) forming the legal consequence in case the third party, mentioned in the
latter provision, is actually a trader. This view can be argued to be strengthened if
one has a look at the wording of Article 6a(d). Furthermore, the phrase “Union con-
sumer legislation” is new to the CRD. One could ask why the phrase “Union law”
found elsewhere66 in the CRD has not been employed instead.
Lastly, Article 6a(d) appears puzzling. Which other trader might be responsible
for ensuring the application of consumer rights? Would that possibly be the online
marketplace supplier? Considering the gap existing in Article 6a(b) on the possible
liability of the supplier of the online marketplace, if at all, as to whether the third
party can be classified as a trader, the imposition of such an obligation at this latter
stage appears confusing.
3.4 D
igitalising the Scope of the CRD to Include Services: Are
These Changes Enough?
Over time, it has become clear that consumers are increasingly using various social
media services, such as Facebook or Instagram, as well as other online and messag-
ing services for which they do not have to provide back any money. However, these
online services are not provided actually for ‘free’. Consumers gain access to these
services after the supply of data to online service providers who use them as part of
their business model. Yet, the use of these online services does not remain without
problems in relation to the business to consumer (B2C) contractual relationship. As
a first step in combatting such contractual problems, in January 2019 the European
Parliament and the Council of the European Union, agreed to include in the scope
64
Federation of German Consumer Organisations (2018), p. 18.
65
CJEU, Sabrina Wathelet v Garage Bietheres & Fils SPRL, Case C-149/15, Judgment of 9
November 2016.
66
CRD, Preamble: paragraphs 13 and 18.
of the forthcoming Digital Content Directive (DCD) apart from digital content addi-
tionally digital services.67
Consequently, in an attempt to respond even more to this increased consumer
protection need, as well as to align the CRD with the forthcoming DCD, the
European Commission proposes to extend the scope of the CRD to cover the provi-
sion of ‘free’ digital services to consumers. The Proposal brings forward, inter alia,
various changes in Article 2 of the CRD regarding definitions. Under the updated
Article 2(11) of the CRD, “‘digital content’ means data which are produced and
supplied in digital form, including video files, audio files, applications, digital
games and any other software” while under the new Article 2(17) “‘digital service’
means (a) a service allowing the consumer the creation, processing or storage of, or
access to, data in digital form; or (b) a service allowing the sharing of or any other
interaction with data in digital form uploaded or created by the consumer and other
users of that service, including video and audio sharing and other file hosting, word
processing or games offered in the cloud computing environment and social media.”
Looking at these proposed definitions, one may note that, in contrast to the agreed
text of the DCD68 corresponding provisions, the Proposal provisions include addi-
tionally non-exhaustive examples. Although this minor difference might be unprob-
lematic, one could comment that it would have been better if both definitions were
fully aligned with the DCD. Furthermore, one could ask whether Recital 19 of the
CRD will remain unchanged. Under this Recital “if digital content is supplied on a
tangible medium, such as a CD or a DVD, it should be considered as goods within
the meaning of this Directive”. Interestingly, Article 3(3) of the agreed text of the
DCD states almost the opposite as it reads “with the exception of Articles 5 and 11,
this Directive shall apply also to any tangible medium which serves exclusively as a
carrier of digital content”.69 This ongoing asymmetry must be clearly and finally
solved.70
More importantly, under the new Article 2(18) “‘digital service contract’ means
a contract under which a trader supplies or undertakes to supply a digital service to
the consumer and the consumer pays or undertakes to pay the price thereof. This
67
https://data.consilium.europa.eu/doc/document/ST-5856-2019-INIT/en/pdf.
68
For a discussion of these definitions as they appeared in the 2015 pDCD see Giliker (2017),
pp. 106–109.
69
In Recital 12 of the DCD it is mentioned that “this Directive should also apply to digital content
which is supplied on a tangible medium, such as DVDs, CDs, USB sticks and memory cards, as
well as to the tangible medium itself, provided that the tangible medium functions only as a carrier
of the digital content. However, instead of the provisions of this Directive on the supplier’s obliga-
tion to supply as well as on the consumer’s remedies for failure to supply, the provisions of
Directive 2011/83/EU of the European Parliament and of the Council on obligations related to the
delivery of goods and remedies in the event of the failure to deliver should apply. In addition, the
provisions of Directive 2011/83/EU, for example on the right of withdrawal and the nature of the
contract under which those goods are supplied, should also continue to apply to such tangible
media and the digital content supplied on it. This Directive is also without prejudice to the distribu-
tion right applicable to these goods under copyright law”.
70
Prastitou Merdi (2017), pp. 140–141.
also includes contracts where the consumer provides or undertakes to provide per-
sonal data to the trader, except where the personal data provided by the consumer is
exclusively processed by the trader for the purpose of supplying the digital service,
or for the trader to comply with legal requirements to which the trader is subject,
and the trader does not process this data for any other purpose”. As a result of this
addition, consumers of both paid and ‘free’ online services would be entitled to the
same pre-contractual information, as well as to a right of withdrawal. This is an
essential and quite important addition. Yet, what shall be made clear is that various
questions still exist on this new definition. Many issues have been raised on this
addition from a purely data protection perspective such as the issue of valid consent,
as well as reference to the data protection legal framework in general and the GDPR
in particular.71 One point that shall be particularly brought forward within this chap-
ter is one that affects to a great extent the contractual relationship itself. One must
look at the complex relationship between the right of withdrawal from the contract
and the right of withdrawal of the consent for processing personal data. As it has
been aforementioned, under Article 9(1) of the CRD, the consumer shall have a
period of 14 days to withdraw from a contract, either being concluded at distance or
off premises. Furthermore, under Article 7(3) of the General Data Protection
Regulation (GDPR)72 “the data subject shall have the right to withdraw his or her
consent at any time. The withdrawal of consent shall not affect the lawfulness of
processing based on consent before its withdrawal. Prior to giving consent, the data
subject shall be informed thereof. It shall be as easy to withdraw as to give consent.”
In a case where for the conclusion of a digital service contract, a consumer provides
personal data to the trader, which is based on consent, it remains questionable
whether this 14 days contract withdrawal period, found in the CRD, can easily rec-
oncile with the right to withdraw consent, found in the GDPR. This is an issue that
the EU legislator must additionally work on.
4 Conclusion: A Good or a Bad Digital Deal?
This chapter has attempted to answer the question of whether the 2018 New Deal on
better enforcement and modernisation of EU consumer law forms an actually good
digital deal. Whilst the foregoing analysis has not covered every aspect of the
Proposal, various conclusions can easily be drawn from the matters discussed
herein.
It can be concluded that the European Commission must be overall applauded
for its attempt to work constantly on the area of EU consumer contract law. In gen-
eral, it would not be an overstatement to claim that European consumer contract law
71
See for example: European Data Protection Supervisor (2018).
72
movement of such data (GDPR), OJ L 119/1.
lies at the heart of European private law. Therefore, looking at the latest steps taken
by the Commission in this area of law, starting off with the REFIT and CRD evalu-
ations and moving on, inter alia, to the 2018 New Deal, after considering, yet not
extensively,73 the findings of these evaluations, as well as other factors such as the
Dieselgate scandal effect in the EU, one can easily claim that it ascribes to this area
of law a position in its top priority legislative list.
Yet, the 2018 Proposal, in detail, two important points must be brought forward.
First, one must look at the approach of this Proposal in certain places. Based on the
above analysis, it has become clear that despite the overall theoretical priority
ascribed to the area of EU consumer protection specific provisions found therein
appear to reduce dramatically consumer protection. More importantly, by amending
the right of withdrawal, encompassing a brand new vague exception to its applica-
tion, as well as extending the timing of reimbursement in the event of withdrawal to
the detriment of the consumer, the Commission drops significantly the level of EU
consumer protection. Furthermore, certain other provisions such as the new, yet
limited in content, ‘online marketplace’ definition, when coupled with the maxi-
mum harmonisation character of the Proposal seems to reduce once again the con-
sumer protection level in various member states of the EU. It therefore becomes
clear that in a legislative proposal titled New Deal for consumers, such provisions
shall be definitely rethought.
Furthermore, apart from the approach of this Proposal one cannot remain silent
on its content. Examining the four main changes brought forward by the Proposal,
one can easily conclude that their content appears overall problematic and ambigu-
ous, and many questions still need to be answered. One may ask, inter alia, (a) in
relation to the proposed individual right to redress for unfair commercial practices:
what other contractual or non-contractual remedies might may or shall be included
at national level? (b) In relation to the new exception to the right of withdrawal
regarding goods handled more than necessary: when does actually testing end and
use begin? (c) In relation to the additional requirements for online platforms: what
are the criteria for distinguishing between a trader and a non-trader selling goods in
an online marketplace? Finally, (d) in relation to the new term of “digital service
contract” how will the 14 days contract withdrawal period, found in the CRD, rec-
oncile with the right to withdraw consent, found in the GDPR?
Generally, this Proposal appears to form a first step, rather than a good digital
deal, in adjusting the directives concerned to the digital era and economy.
Considering the above analysis, several of its provisions must be rethought both
from an approach, as well as from a content perspective, before becoming official
EU legislation. Otherwise it will be soon regarded as a bad deal.
One cannot remain silent on the fact that many recommendations of both the REFIT and CRD
73
evaluations have not been followed. See Loos (2019).

References
BEUC (2018) Proposal for a better enforcement and modernisation of EU consumer protec-
tion rules – “Omnibus Directive” The BEUC view. https://www.beuc.eu/publications/beuc-
x-2018-081_omnibus_directive.pdf
Durovic M, Micklitz HW (2017) Internationalization of consumer law – a game changer. Springer,
Cham
European Data Protection Supervisor (2018) EDPS Opinion 8/2018 on the legisla-
tive package “A New Deal for Consumers”. https://edps.europa.eu/sites/edp/files/
publication/18-10-05_opinion_consumer_law_en.pdf
Federation of German Consumer Organisations (2018) A new deal for consumers – effective
enforcement of consumer rights, Position paper on the proposals of the European Commission
for the Directive on representative actions, COM(2018) 184 final, and the Directive on bet-
ter enforcement and modernisation of EU consumer protection rules COM(2018) 185 final.
https://www.vzbv.de/sites/default/files/downloads/2018/09/03/18-08-28_en_position_paper_
new_deal.pdf
Giliker P (2017) Regulating contracts for the supply of digital content: the EU and UK response.
In: Synodinou T-E et al (eds) EU Internet Law – regulation and enforcement. Springer, Cham,
pp 101–124
Hotrec (2018) HOTREC position on better enforcement and modernisation of EU consumer
protection rules: a good basis that must be supported and improved. https://www.hotrec.eu/
wp-content/customer-area/storage/60b28e69da3429b668064045a4ba591f/D-0618-167-AW-
DM-HOTREC-position-on-enforcement-and-modernisation-of-EU-consumer-protection.pdf
Loos M (2019) The modernization of European consumer law: a pig in a poke? Eur Rev Priv Law
27(1):113–134
Mak V, Lujinovic E (2019) Towards a circular economy in EU consumer markets – legal possibili-
ties and legal challenges and the Dutch example. J Eur Consumer Mark Law 8(1):4–13
Prastitou Merdi T (2017) The proposed new digital single market contact law directives: a new
start for digital European contract law? In: Synodinou T-E et al (eds) EU Internet Law – regula-
tion and enforcement. Springer, Cham, pp 125–161
Rott P (2010) The balance of interests in distance selling law – case note on Pia Messner v. Firma
Stefan Krüger. Eur Rev Priv Law 18(1):185–194
Šajn N (2018) Modernisation of EU consumer protection rules A new deal for consumers,
European Parliamentary Research Service. http://www.europarl.europa.eu/RegData/etudes/
BRIE/2018/623547/EPRS_BRI(2018)623547_EN.pdf
Twigg Flesner C (2018) Bad hand? The “New Deal” for EU consumers. https://papers.ssrn.com/
sol3/papers.cfm?abstract_id=3178952
Von Bar C et al (2008) Principles, definitions and model rules of European Private Law. Draft
Common Frame of Reference (DCFR). Interim Outline Edition; prepared by the Study Group
on a European Civil Code and the Research Group on EC Private Law (Acquis Group) Munich
Watson J (2016) Withdrawal rights. In: Twigg-Flesner C (ed) Research handbook on EU consumer
and contract law. Edward Elgar, Cheltenham, pp 241–265
Chapter 17
Alternative Dispute Resolution (ADR) &
Online Dispute Resolution (ODR) for EU
Consumers: Τhe European and Cypriot
Framework
Anna Plevri
Abstract Τhe paper discusses Alternative Dispute Resolution (ADR) and, espe-
cially, Online Dispute Resolution (ODR) as an alternative dispute resolution method
with the help of online technology. Moreover, the article aims to present the “mech-
anism” of the online platform, launched by the European Commission on the 15th
of February 2016, where consumers and traders can resolve online disputes arising
from online purchases. This ODR platform offers a single point of entry that allows
consumers and traders across the EU to settle their disputes arising from both
domestic and cross-border online markets and purchases. Moreover, the paper pres-
ents the legal framework of the ODR platform, namely the EU Regulation No
524/2013 regarding online resolution of consumer disputes and the EU Directive
2013/11 for consumer disputes. Finally, the paper also outlines in a comparative
way the Cypriot ADR and ODR framework, and examines how European consum-
ers are or could be helped by ODR when it comes to consumer disputes in compari-
son to the traditional court proceedings.
1 Introduction
ADR refers to Alternative or Appropriate or Amicable Dispute Resolution methods

through which parties can resolve their disputes out of the framework of the govern-
mental judicial system.1 The most well known forms of ADR are arbitration
1
Α detailed analysis of ADR, ODR and “Legaltech” is provided in Kaisis (2018), pp. 309–318,
p. 343.
A. Plevri (*)
School of Law, University of Nicosia, Nicosia, Cyprus
e-mail: plevri.a@unic.ac.cy

https://doi.org/10.1007/978-3-030-25579-4_17
368 A. Plevri
(including fast track arbitration), mediation2 and negotiation.3 The spectrum of

ADR methods includes also conciliation, ombudsmen and judicial or private early
neutral evaluation.4
Resolving disputes through ADR, in general, is easier, faster and less expensive
than resolving disputes before a court. In the European Union, ADR procedures can
take different forms and have different names, e.g., mediation, conciliation, ombuds-
men, arbitration, complaints boards, etc.
It is obvious that ADR methods are alternative to court litigation, where one (or
more) competent state judge decides on a specific dispute, often after a long and
burdensome procedure going on for years, which is actually the case in Cyprus, in
Greece and in many other European countries. Moreover, usually there is a full right
of appeal and a hearing before the Court of Appeal or the Supreme Court, so the
delay may result to a “waiting period” of seven to eight years for a final judgment.5
In addition, when it comes to the judgments of courts, there is the barrier of limited
international enforceability, especially outside of Europe (for instance Japan, China,
etc.). On 2 July 2019, the HCCH finalised the text for a new multilateral treaty: the
2019 HCCH Convention on the Recognition and Enforcement of Foreign Judgments
in Civil or Commercial Matters. The 2019 HCCH Judgments Convention has been
2
See further, Walker (2017a), pp. 15–31. On the landscape of ADR provisions in England and
Wales, see Civil Justice Council, ADR Working Group, ADR and Civil Justice, Interim Report
(October 2017), 15–16 and for Overseas 41–48, https://www.judiciary.gov.uk/wp-content/
uploads/2017/10/interim-report-future-role-of-adr-in-civil-justice-20171017.pdf and ADR and
Civil Justice, CJC ADR Working Group Final Report (November 2018). Section 3: 3.8–3.10.
Available at: https://www.judiciary.uk/announcements/new-report-on-alternative-dispute-
resolution/.
3
In the UK, another ADR technique similar to negotiation (least evaluative) is the Round Table
Meetings (RTMs). The RTMs operate ‘in the direct shadow of the civil courts’. Sometimes they are
described as ‘mediation without the mediator’ as there is no process manager in this type of
ADR. Process is worked out by the lead lawyers for each party, who also are the main protagonists
in the discussion. This process is frequently deployed in the UK, particularly in clinical negligence
and personal injury cases, albeit when it does not lead to settlement, it is sometimes followed by a
formal mediation which may yet lead to settlement. See in detail, ADR and Civil Justice, CJC ADR
Working Group Final Report, November 2018, Section 3: Τhe types of ADR available, 3.6.
Available at: https://www.judiciary.uk/announcements/new-report-on-alternative-dispute-
resolution/.
4
See ADR and Civil Justice, CJC ADR Working Group Final Report (November 2018), Section 3:
3.8–3.10.
5
The EU justice scoreboard as an information tool, provides comparable data on the independence,
quality, and efficiency of national justice systems. See: https://ec.europa.eu/info/policies/justice-
and-fundamental-rights/effective-justice/eu-justice-scoreboard_en. The scoreboard mainly
focusses on civil, commercial and administrative cases. In figure 1 of the 2018 EU Justice
Scoreboard, one can see the legislative and regulatory activity concerning justice systems in 2017
(adopted measures/initiatives under negotiation per member state). In column 2 of this figure on
the promotion of ADR methods, Cyprus (CY) and Greece (EL) are located at low level.
Furthermore, in figure 7 of the same Scoreboard there is a presentation on the time needed to
resolve civil, commercial, administrative and other cases (1st instance/in days) where it is pre-
sented that in Cyprus the above needed time is more than 800 days. See also figures 8 and 9 of the
above Scoreboard on the time needed to resolve litigious civil and commercial cases per Member
State. It is worth noting that for some Member States, there are no available data.
17 Alternative Dispute Resolution (ADR) & Online Dispute Resolution (ODR) for EU… 369
adopted on 8 July 2019. It will be a single global framework and a legal regime,
enabling the free circulation of judgments in civil or commercial matters across
borders, the reduction of transactional and litigation costs in cross-border dealings
and the promotion of international access to justice. In the EU of course, these mat-
ters are regulated by relevant Regulations such as the Regulation (EU) No 1215/2012
of the European Parliament and of the Council of 12 December 2012 on jurisdiction
and the recognition and enforcement of judgments in civil and commercial
matters.6
Furthermore, it is well known that trade and business are sectors where commer-
cial and economic conflicts frequently arise in an international level. Thus, busi-
nesses, companies, traders, suppliers and other individuals need to consider the
factors of time and cost to choose an appropriate, a suiting dispute resolution
method. Additionally, because of factors such as the complexity of some disputes,
the length of court proceedings and other factors in specific industries, ADR meth-
ods became an often and powerful tool, used by parties internationally to protect
and safeguard valuable economic interests and rights.
The following chapter aims to present shortly but effectively mediation as an
ADR method. At first, it will discuss the definition and core characteristics of medi-
ation and then the key features and benefits of it. The chapter ends with a short
analysis of the mediator’s role.
2 Mediation as an ADR Method: A Short Presentation
When it comes to mediation, it is well known that the ADR method does not end
with a judgment as an outcome of the process.7 Mediation seeks a voluntary solu-
tion which is acceptable to the parties involved in a dispute.8 Moreover, mediation
is a flexible, cost-effective and confidential procedure, which assists the parties with
the help of a third, neutral person, the mediator, to find common ground and work
towards settling and reaching an agreement without delay.9 In addition, mediation is
a ‘civilised’ way to resolve a dispute because, unlike the adversarial method of liti-
gation, mediation is best suited to those cases where the parties genuinely wish to
avoid prolonging the dispute and to preserve their relationship. In this framework,
mediation is not just an amicable alternative but also an appropriate and effective
way to resolve certain categories of disputes, such as civil, family, commercial or
workplace, where there are specific positions, interests and needs of the disputant
parties, but who would like to preserve their (family, working, commercial, business
6
Available https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32012R1215&fro
m=EN.
7
Plevri (2018), p. 234.
8
Rewald (2014).
9
Comparison of laws, regulatory models and fundamental issues of mediation are discussed in
Hopt and Steffek (2013), pp. 3–127. On the core principles, key points and process of mediation,
see Aubrey-Johnson and Curtis (2012), pp. 3–30.
370 A. Plevri
etc.) relationship and cooperation after the resolution of their dispute. This is not the
case in civil litigation, where the litigants become involved in a court battle. In other
words, one could further define mediation as a confidential method of voluntarily
resolving disputes between two or more parties out of court, with the help of a third
neutral individual, the moderator.
More specifically, mediation is a confidential method of voluntarily resolving
disputes between two or more parties out of court, with the help of a third, neutral,
intermediary person, the mediator, who assists the parties in negotiating and reach-
ing a settlement they both accept.10 Moreover, mediation could be viewed as a pro-
cess of facilitated negotiation, under which, disputants parties have an actual
opportunity to settle early, reducing (emotional) stress, acrimony and legal costs. At
the same time, mediation is a way for the opposing parties to save time through a
constructive dialogue.
According to the revised definition of mediation of the Centre for Effective
Dispute Resolution (CEDR): ‘Mediation is a flexible process conducted confiden-
tially in which a neutral person actively assists parties in working towards a negoti-
ated agreement of a dispute or difference, with the parties in ultimate control of the
decision to settle and the terms of resolution’.11 This definition seeks to emphasise
the idea that while mediation is a process with a powerful format, it is nevertheless
fundamentally flexible. Furthermore, it highlights that mediation is a safe environ-
ment where parties can talk freely, experiment with ideas and are ultimately in con-
trol of the process. It also stresses that mediators should be proactive in assisting
parties to find a solution, although the parties have ownership of the outcomes.12
The key features and benefits of mediation as an alternative dispute resolution
method13 could be listed as following14: (i) In comparison to litigation and/or arbi-
tration, mediation is time effective. A dispute may be resolved just in some hours,
since no lengthy submissions, cross examination, discovery and legal arguments are
involved. (ii) Mediation is a voluntary process. This means that the opposing parties
are the ones who decide and actually try to resolve their dispute through mediation.
The outcome of mediation (if any) is commonly elaborated and agreed by the par-
ties. Even in jurisdictions such as in England and Wales where the civil litigation
rules do not make mediation mandatory, there is pressure on parties to go to media-
tion before going to trial. Mediation clauses are also increasingly used in commer-
cial contracts instead or as a supplement to arbitration clause. Furthermore, in
mediation, the parties have the power and opportunity to choose their mediator and
they have control on their dispute too. Of course, the parties may be compelled to
go to mediation but they cannot be compelled to reach a settlement. This would be
contrary to the protection of the right to access to court and the right of a person to
be heard by a court in a judicial scheme, as well as to each person’s private auton-
10
See further, Walker (2017a), pp. 15–16, 28–30, 32–36.
11
See CEDR, ‘CEDR revises definition of mediation’ (2004, November 1), available at https://
www.cedr.com/solve/mediation/.
12
See the above footnote.
13
Regarding the various mediation models, see Walker (2017a), p. 74.
14
See Plevri (2018), pp. 235–237.
omy. All these rights are of course protected by the Constitution of each state and
the European Convention on Human Rights (ECHR, Article 6). Thus, in mediation,
the parties only settle their dispute if they want to settle.15 (iii) The outcome of
mediation is binding and enforceable for the parties according to the provisions of
the national mediation legislation of each state and when it comes to the EU, under
the Directive 2008/52/EC of the European Parliament and of the Council of 21 May
200816 on certain aspects of mediation in civil and commercial disputes.17 (iv) Τhe
procedure of mediation in total is confidential.18 This means that any information
disclosed during mediation may not be used in subsequent arbitration or litigation
proceedings (without prejudice). The element of confidentiality is crucial in all
stages of the mediation process, meaning preparation, opening, exploration, nego-
tiation and closing. This specific aspect of mediation is very important in connec-
tion with the reputation, fame, personal information, data, etc. for both individuals
and corporations. It is also remarkable that the advantage of confidentiality in medi-
ation provides to the parties the opportunity to resolve their differences in a way that
will not attract negative publicity. They actually have the chance to disclose infor-
15
Walker (2017a), p. 33.
16
Directive 2008/52/EC of the European Parliament and of the Council of 21 May 2008 on certain
aspects of mediation in civil and commercial matters (hereinafter Parliament and Council Directive
on Mediation), available at: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:1
36:0003:0008:En:PDF.
17
On the implementation of the Mediation Directive in the EU, see the June 27th 2017 Report on
the implementation of Directive 2008/52/EC of the European Parliament and of the Council of 21
May 2008 on certain aspects of mediation in civil and commercial matters (the ‘Mediation
Directive’), of the Committee on Legal Affairs of the EU. Rapporteur: Kostas Chrysogonos.
Available at: http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//
TEXT+REPORT+A8-2017-0238+0+DOC+XML+V0//EN#title1. The main findings of the above
report, among others, are: Almost all Member States opted to extend the Directive’s requirements
to domestic disputes too. A number of Member States allow the use of mediation in civil and com-
mercial matters, including family and employment matters, while not explicitly excluding media-
tion for revenue, customs or administrative matters or for the liability of the State for acts and
omissions in the exercise of State authority. All Member States foresee the possibility for courts to
invite the parties to use mediation. 15 member states introducing the possibility for courts to invite
parties to information sessions on mediation. Less than half of the Member States have introduced
an obligation in their national laws to spread information about mediation. The report also noted
the need of a balanced relationship between mediation and judicial proceedings. See also,
Tymowski (2016). In addition, on 27 November 2018, the EU Parliament organised an inter-par-
liamentary committee meeting, in cooperation with the European Network of Ombudsmen.
Members of the 28 national parliaments were also invited. In this committee meeting, the key
findings of the briefing note titled: ‘A Ten-Year-Long EU Mediation Paradox – When an EU
Directive Needs To Be More … Directive’ were presented. More specifically, it was noted that ten
years since its adoption, the EU Mediation Directive remains very far from reaching its stated goals
of encouraging the use of mediation and especially of achieving a ‘balanced relationship between
mediation and judicial proceedings’ (Article 1 of the Directive). The entire briefing note is avail-
able at http://www.europarl.europa.eu/RegData/etudes/BRIE/2018/608847/IPOL_
BRI(2018)608847_EN.pdf. The link to the video recording of the meeting, simultaneously
interpreted in the 23 official languages of the EU is the following: http://www.europarl.europa.eu/
ep-live/en/committees/video?event=20181127-0930-COMMITTEE-PETI-JURI.
18
See Walker (2017a), pp. 33–34, 127–130, 229–237.
372 A. Plevri
mation in a “safe environment”. (v) Through mediation, the parties have the chance
to restore and preserve their future relationships or even create opportunities of
further cooperation, etc. It is well known that the “litigation battle” creates enemies,
while mediation does not. In addition, in the mediation framework, the parties have
the possibility to find effective solutions, tailor made to their interests and needs.
This is an opportunity that is not possible in court proceedings, where specific rem-
edies apply and there are limitations on the certain content of court’s orders. (vi)
When it comes to the cost of mediation, compared to that of litigation and/or arbitra-
tion, there is a clear advantage of mediating especially early in the timeline of a
dispute.19 It is about the potential cost that one can save from an early settlement. In
any case, “the cheapest lawyer is a settlement”.20
Based on the above analysis, one could conclude that mediation is not a panacea
for all kinds of dispute.21 As any other process, mediation has disadvantages, which
are often overlooked. For instance, parties should not use mediation to get to the
truth of disputed matters but to find a mutually acceptable solution. Moreover, while
in litigation, lawyers have legal arguments, tools and methods to produce evidence
and testimony, this is not the case in mediation. Mediators have specific skills that
may help restore balance, but there is a limit to what they can do. Finally, mediation
may not be successful and the parties may not reach an agreement. In this case, the
disputants will have to go through the time-consuming and expensive process of a
trial after having spent time and money in mediation.
On the mediator’s role,22 it should at first be noted that the mediator is a third,
neutral person, who tries, by using specific skills and techniques such as active lis-
tening, open questioning, positive reframing, empathy, acknowledgement of the
emotions of the parties and summarising, to help the opposing parties to reach an
amicable solution and resolve their dispute in a mutually acceptable manner. The
mediator is neither a judge nor an arbitrator. As a third, neutral, intermediary person,
the mediator listens to potential apologies, explores possible points of settlement
and realistic solutions, discusses with each party possible agreements, and23 priori-
tises the main points of the dispute and the key issues for each party. Moreover,
every mediator should practice of course in compliance to the fundamental rules of
conduct for mediators according to the national legislation of each state (if any) and
in the EU, under the European Code of Conduct for Mediators.24 The European
Code of Conduct for Mediators sets out a number of principles to which individual
mediators may voluntarily decide to commit themselves, under their own responsi-
bility. It may be used by mediators involved in all kinds of mediation in civil and
commercial matters.
19
This is of high importance for jurisdictions where civil or commercial claims (too) are decided
by jury and/or the legal costs in litigation are high.
20
Quote of unknown American.
21
Plevri (2018), p. 237.
22
See in detail, Walker (2017a), pp. 39–49, 51–58. On the mediation profession, business or job,
see Walker (2016, 2017b).
23
Zone of Possible Agreement, the so-called ZOPA.
24
Available http://ec.europa.eu/civiljustice/adr/adr_ec_code_conduct_en.pdf.
3 Legislative Framework of ADR and ODR in Cyprus
3.1 Mediation in Cyprus
Cyprus25 is a state with a mixed legal system26 and not a pure common law jurisdic-
tion. The major parts of the law, though, belong to the tradition of common law.
Mediation has been introduced in Cyprus by the (applicable) Mediation on Civil
Disputes Law 159(I) of 2012,27 which was enacted on 16 November 2012 and gov-
erns the mediation process.28 This law harmonised Cypriot legislation with the
(above) Mediation Directive 2008/52/EC29 of the European Parliament and of the
Council of 21 May 2008 on certain aspects of mediation in civil and commercial
matters. In this way, Cyprus adopted appropriate legislation regarding mediation.
Yet, this was not enough to actually have mediation practice in Cyprus and to ben-
efit from its advantages. In any case, the adoption of laws does not necessarily result
in a broader understanding and actual practice of mediation.30
The theoretical influence of the “Anglo-Saxon mediation” is more or less present
in the model of mediation in European countries,31 especially when it comes to
communication techniques and psychology elements in training, principle of confi-
dentiality in the procedure and the fact that the final solution-outcome of mediation
should be reached by the parties. The provisions of the above law are applicable to
certain aspects of civil and commercial disputes, whether cross-border or not, as
well as to cross-border labour disputes.
Under the provisions of the Mediation Law, mediation is regulated in Cyprus32 as
an alternative, voluntary, out of court, confidential and cost effective dispute
25
Cyprus was a British colony until 1960. After 1974, the island is until now divided in two parts.
The south part is the Republic of Cyprus has a Greek-Cypriot population and is a member of the
European Union. The north part of the island is the part where the Turkish-Cypriots live and is not
a member of the European Union. This paper refers to the legal order of the Republic of Cyprus.
26
See Hatzimihail (2013).
27
See, the website of the Cyprus Bar Association: http://www.cyprusbarassociation.org/index.php/
en/for-lawyers/mediation where there the Law 159 (I) of 2012 is available in Greek. The law is also
available in Greek at www.cylaw.org.
28
See Emilianides and Charalampides (2014), pp. 103–123 on the monistic legal framework of
Law 159 (I)/2012. See Emilianides and Xenofontos (2012), pp. 92–94, regarding the long tradition
of Cyprus of mediation mechanisms in labour law disputes.
29
On the transposition of the EU Mediation Directive in Cyprus, see Emilianides and Charalampides
(2014), pp. 103–123; Emilianides and Xenofontos (2012), pp. 87–95; Georgiades (2012),
pp. 47–58; Georgiades (2014), pp. 99–107.
30
See Plevri (2018), p. 241.
31
For a short summary of mediation in China, where there is a millennial tradition in mediation, 4
kinds of procedures and 800,000 centres of mediation, see Tang (2014).
32
Article 2 of Law 159 (I)/2012: ““mediation” means a structured process, however named or
referred to, whereby two or more parties to a dispute attempt by themselves, on a voluntary basis,
to reach an agreement on the settlement of their dispute with the assistance of a mediator. Provided
that, it excludes any attempt that may be made by the Court or judge seized to settle a dispute in
the course of judicial proceedings concerning the dispute in question”.
374 A. Plevri
resolution method.33 Unfortunately in the Cypriot culture, there is no tradition on

mediation although other types of ADR such as arbitration are often in practice
especially in commercial and construction disputes. In this framework, the current
actual mediation practice in Cyprus is moving slowly despite the fact (as a reality in
other countries of Europe) that this method of ADR could actually resolve many
disputes, in a jurisdiction where a period from 3 to 8 years approximately is usually
needed to achieve a final and enforceable34 court’s decision in civil and/or commer-
cial disputes because of the large caseload that is overwhelming the courts.
Consequently, this is causing substantial delays to the administration of justice. At
this point, the findings of a very recent report on the Functional Review of the
Courts System in Cyprus, conducted and delivered by the Institute of Public
Administration of Ireland, dated March 27 of 201835 are very enlightening. In the
above report it is stated that: (i) “Serious deficiencies with the operations of the
courts system highlighted in previous reports e.g. Erotocritou Report (Report of the
Supreme Court on operational needs of the courts, 2016)”, (ii) “Comparative EU
studies e.g. EU Justice Scoreboard, show that while Cyprus scores relatively highly
on judicial independence, it scores poorly on measures of efficiency e.g. length of
time for case to be processed through the courts, and measures of quality e.g. infor-
mation available to the public”.
Furthermore, it was emphasised that the key challenges of the system are: (i)
“Problem of delay in the system is chronic, and the backlog of cases is growing year
by year”, (ii) “Average waiting time for hearing of an appeal at the Supreme Court
was 6.3 years at end- 2016, with 4300 cases pending at the end of that year”, (iii)
“In the past 10 years the number of civil and criminal appeals filed has increased by
over 90%”, (iv) “In District Courts the main area of delay is with Civil Cases, where
the backlog is increasing year by year”. In addition, in the above report it is noted
regarding the delays in Cypriot justice, that there are “serious implications of the
delays for reputation, business and investment, and rule of law” and there is “little
use of alternative dispute resolution”. Thus, it is explicitly stated in the report that
“to continue with the current system without major reform is not an option”.
33
According to the legislation, there are certain prerequisites for the official registration of media-
tors to the Mediation Registry of the Ministry of Justice and Public Order, which include necessary
mediation training, etc. A register of mediators has been created under the supervision of the
Cypriot Ministry of Justice and Public Order, and a number of mediation training courses are tak-
ing place in Cyprus on a frequent basis.
34
See the 2018 and 2017 EU Justice Scoreboards, published by the European Commission, which
give a comparative overview of the quality, independence and efficiency of justice systems in the
European Union and aims at assisting Member States to improve the effectiveness of their justice
system. More specifically figures 4, 5, 7, 8, 10 and 11, where statistics about Cyprus (among other
Member States) are provided, see https://ec.europa.eu/info/policies/justice-and-fundamental-
rights/effective-justice/eu-justice-scoreboard_en and http://ec.europa.eu/justice/effective-justice/
scoreboard/index_en.htm.
35
See http://www.supremecourt.gov.cy/Judicial/SC.nsf/All/F8C912FFF71E0020C225825D0038
F145/$file/Functional%20Review%20of%20Courts%20System%20of%20Cyprus%20IPA%20
Ireland_Final%20Report%20March%202018.pdf.
It is moreover important that among the recommendations of the report, espe-

cially on the area of ADR, there is a proposal to “introduce ADR mechanisms in
consumer disputes and injuries assessments, and consider making recourse to these
a requirement prior to recourse to court” and “amend Rules of Court to support
mediation, particularly to be encouraged where settlement is a likely outcome”.
It is worth noting that the Ministry of Justice and Public Order of the Republic of
Cyprus is currently exploring ways to promote effectively mediation. In this frame-
work, the Ministry has commissioned experts to conduct a study on various issues
related to the institution of mediation, which primarily concern the quality of ser-
vice provided by mediators, as well as to inform the public about mediation and
access to mediators. The content of this study includes specific suggestions regard-
ing the reform of the mediation legislation of Cyprus, specially the Mediation on
Civil Disputes Law 159 (I) of 2012. Briefly, the above study contains a comparative
overview of the institution of mediation in Europe, various “types of mediation”
that could be implemented in Cyprus, possible ways of upgrading the quality of
mediation services and promote mediation in Cyprus and finally specific sugges-
tions of necessary amendments to the legislation on mediation, civil procedure, etc.
It should be noted that one of the proposals of this study is the implementation of
compulsory mediation in specific categories of civil and commercial disputes, such
as claims up to 10,000 euro. Lastly, the Ministry has raised a number of issues
related to mediation and the findings of the above study for consultation with any
interested party. This (public) consultation process ran until 28 September 2018.36
The provisions of the Cypriot Mediation on Civil Disputes Law 159(I) of 2012
are applicable to certain aspects of civil37 and commercial disputes, whether cross-
border or not, as well as to cross-border labour disputes.38 This law is not applicable
to family disputes as it is explicitly defined in Article 2 of the law regarding its
scope. The wording of the above law is broad enough to capture the whole spectrum
of commercial disputes, as well as every kind of civil dispute.
36
See further http://www.mjpo.gov.cy/mjpo/MJPO.nsf/All/35831E1FF7421AE2C22582E300384
881?OpenDocument (August 8th, 2018) (in Greek) and http://www.cylegalnews.com/2018/08/
blog-post_25.html?m=1 (in Greek).
37
Article 2 of Law 159 (I)/2012: “In this Law, unless the context otherwise provides- “civil dis-
pute” means any dispute which may be an object of civil proceedings by the meaning assigned to
this term by virtue of the Courts Law and includes labor disputes but does not include family dis-
putes. “Commercial dispute” means dispute arising from a commercial transaction between
undertakings or between undertakings and public authorities, as this term is interpreted by the
Combating Late Payment in Commercial Transactions Law”.
38
Article 3 of Law 159 (I)/2012: “3. – (1) Subject to the provisions of subsection (2), this Law shall
be applied to civil disputes, including cross-border disputes. (2) This Law shall not apply - (a) to
any civil disputes, whether cross-border or not, concerning certain rights and obligations, for
which the parties are not free to decide themselves under the relevant applicable law; (b) to labor
disputes which are not included in the cross-border disputes, notwithstanding if no rights and
obligations are raised thereof, for which the parties are not free to decide themselves under the
relevant applicable law (c) to any revenue, customs or administrative disputes, or matters relating
to the liability of the state for acts or omissions in the exercise of state authority. (“acta jure
imperii”).
376 A. Plevri
Moreover, the above mediation law does not apply to any dispute in which the
parties have no freedom to determine pursuant to the applicable law, and to tax,
customs, administrative disputes or disputes concerning the state’s actions or omis-
sions. This law constitutes an attempt to regulate the mediation process by contain-
ing provisions for, among others, the creation of a register of mediators and relevant
minimum requirements, mediators’ duties during the mediation process, procedural
matters of the mediation process, the role of the court and the issue of the enforce-
ment of any settlement agreement reached.
The Financial Ombudsman of the Republic of Cyprus examines consumers’
complaints against credit institutions with a view to settling those disputes and
moreover aids and cooperates with certified mediators to resolve financial disputes
between consumers and banks pursuant to the provisions of Law 84(I)/2010 on “the
establishment and operation of a single agency for the out-of-court settlement of
disputes of a financial nature (financial ombudsman)”, which was enacted to imple-
ment EU Commission Recommendation 98/257/EC. Under Law 84(I)/2010, as
amended or replaced, debt restructuring mediations are actually taking place in
Cyprus between consumers and banks.
Online Dispute Resolution is established in Cyprus for disputes between con-
sumers and businesses via the Consumer Protection Service of the Ministry of
Energy, Commerce and Industry, under the relevant European and national legisla-
tion, which is the Directive 2013/11/EU of the European Parliament and of the
Council of 21 May 2013 on alternative dispute resolution for consumer disputes and
amending Regulation (EC) No. 2006/2004 and Directive 2009/22/EC (Directive on
consumer ADR),39 the Alternative Consumer Dispute Resolution Law of 2015 (No
85 (I)/2017) and the Regulation (EU) No 524/2013 of the European Parliament and
of the Council of 21 May 2013 on online dispute resolution for consumer disputes
and amending Regulation (EC) No. 2006/2004 and Directive 2009/22/EC
(Regulation on consumer ODR).40 Although no relevant official statistics are avail-
able, the truth is that the civil and commercial mediation practice in Cyprus today,
seven years after the enactment of the mediation Law (159 (I)/2012), is an unfortu-
nately just an exception and mediation is not an actual part of the dispute resolution
sector in civil and commercial cases. The existence of a mediation legislation itself
is not enough in order to promote and enhance the use of mediation in practice. This
is the case for Cyprus too. The local legal culture performed an indolent resistance
to embracing the full benefits of the mediation process. In addition, it is notable that
Section 15 (1) of the Mediation Law41 provides that the court before which an action
39
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32013L0011.
40
http://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex:32013R0524.
41
Article 15 of Law 159 (I)/2012: “15. -(1) A Court, before which judicial proceedings are brought,
in relation to a case that falls within the scope of this Law, at any stage of the proceedings and
before the issue of a decision, may (a) invite the parties to appear before it, to inform them on the
use of mediation and the possibility of settlement of their dispute by using this procedure; and (b)
upon a common request of all the parties or one of them, with the explicit consent of the others,
when appropriate and having regard to all the circumstances of the case, postpone the judicial
proceedings so that mediation can take place. (2) In the event that any of the parties does not agree
is pending may invite the parties to attend an information session on the use of
mediation and the possibility of resolving the dispute via mediation. In that case,
any of the parties may veto the above suggested possibility and the consent of all
parties is required before the power of the court to stay proceedings for mediation
to take place is exercised.
Another important notice is that the general “picture” of the relationship of the
(civil) justice system and ADR in Cyprus, is characterised by the combined absence
of both a court’s power to compel parties to participate in any form of ADR practice,
other than arbitration and a substantive or procedural obligation on litigants to con-
sider ADR before the proceedings start.
According to my view, the reasons for holding back the actual practice of media-
tion in Cyprus could be summarised as follows. Firstly, there is the fact that the
majority of people, businesses, companies, etc. do not actually know much or even
regarding this ADR method. This means that the levels of awareness of mediation in
Cyprus are very low. In other words, there is a misinformation gap on the potential
benefits mediation may confer over the litigation process in Cyprus. In addition, it
has to be noted that the “attitude” of the Bar has contributed into the above result.
Lawyers should play an important role at promoting and encouraging mediation as
an effective way of avoiding costly and time-consuming court cases, where
only one can be the winner.42 This role could be seen as a duty of lawyers.
Secondly, filing an action to court in Cyprus in general, is not too expensive and
the costs of civil litigation are not as high as they are in other jurisdictions, for
example the UK or in the USA, where ADR methods are “blooming”.
Thirdly, courts in Cyprus are not doing enough to promote and encourage media-
tion at the early stages of a dispute. Finally, the popularity of mediation in Cyprus
could increase if the mediation law would be amended in a way that a power is
conferred on the court to compel parties and their legal representatives to engage in
the mediation process and moreover to consider, acknowledge and embrace the full
benefits of mediation as an effective dispute resolution method.
The option of “compulsory mediation” as a pre-trial condition before the hearing
of a claim or by court mandate is a possibility for every European legislator in the
framework of a justice system and its relationship with ADR. This policy maintains
that mediation is an adjunct to, not a replacement for, litigation. The success, flexi-
bility and effectiveness of this model of mandatory mediation may be an issue in
to use mediation, the Court shall proceed with the judicial proceeding. (3) In the decision of the
Court to postpone the judicial proceeding, issued by virtue of subsection (1) explicit reference is
made to the consent of the parties and to the duration of the mediation, which may not exceed three
(3) months. (4) With the completion of the time-limit set out in the Court decision, the parties shall
inform the Court of the procedure followed and the result of the mediation and may, in case no
agreement on the settlement is reached, ask for extension of the duration of the mediation, for a
period not exceeding three (3) months. (5) The Court may, in proprio motu, or, at the request of any
of the parties, interrupt the mediation procedure before the end of the time-limit provided for by
virtue of this section. (6) A Court decision issued by virtue of subsection (4) or by subsection (5) is
not subject to an appeal.”
42
See Levitt (2017).
378 A. Plevri
comparison to voluntary mediation and remains to be seen. In this context, it is

crucial that among the recommendations of the report on the Functional Review of
the Courts System in Cyprus, conducted and delivered to the Cypriot Ministry of
Justice and the Supreme Court by the Institute of Public Administration of Ireland
on March 2018, there is a clear proposal of introducing ADR mechanisms in con-
sumer disputes too. Additionally, the proposal of amending the Rules of Court to
support mediation and particularly to be encouraged, where settlement is a likely
outcome, would be an important “step” towards the improvement of both the judi-
cial reality and the development of mediation in Cyprus.
3.2 Arbitration in Cyprus
Arbitration is a form of dispute resolution where parties can usually nominate arbi-
trators of their trust for all (civil or commercial) disputes arising out of or in connec-
tion with a specific contract. The primary reasons for every sector of industry to
prefer arbitration instead of litigation in courts are actually the problems with the
existing legal system themselves.43 On the legislative arbitration framework in
Cyprus, domestic arbitration in Cyprus is ruled by the Arbitration Law (Chapter 4).
This law was implemented in Cyprus in 1944 and regulates the framework for con-
ducting (domestic) arbitrations in Cyprus by laying down rules on the arbitration
procedure, powers and duties of the arbitrator, the rights and obligations of the par-
ties and the scope for judicial review of arbitration awards. The above law has
remained the same since 1944 and is similar to the UK’s Arbitration Act of 1950. It
is clear that a modernisation of the law is more than necessary. When it comes to the
international commercial arbitration in Cyprus, Law 101/1987 is applicable.
It is clear that companies/businesses unprepared or not aware of ADR methods
are likely to lose market share and face economic losses in case of the arising of a
43
When it comes to the question why choose arbitration over litigation to resolve disputes arising
of any kind of business, one could notice that the important benefits of confidentiality, neutrality
and expertise, profound technical knowledge and experience on behalf of the arbitrator(s) (in any
case, proficiency in these skills is not usual when it comes to judges), seem to be key factors in
answering the above question. Parties also choose arbitration because this process can (mainly, but
not always) be faster than court proceedings. This is the reality in Cyprus too. The question is
whether arbitration is actually cheaper than court proceedings. This depends on many factors such
as whom the parties have appointed as arbitrators, the complexity of the case, the duration of the
procedure and whether the award is challenged before the domestic courts. Overall, however, arbi-
tration is often cheaper because, to an extent, the parties control the process and the procedure. It
is not dictated by national Courts’ rules. In summary, the advantages of arbitration are: (a) world-
wide enforceability of awards because of the New York Convention of 1958, (b) internationality:
common rules and standards, (c) dispute decided by arbitrators who are nominated, appointed and
trusted by the parties, (d) specialisation, experience and neutrality of the arbitrators, (e) the fact
that there are very limited grounds for appeal, (f) the fact that the language to be chosen freely, (g)
the efficiency, confidentiality of the process, (h) the time and cost effectiveness and (j) the neutral
forum for parties from different states, minimising the risk of national bias.
civil, commercial dispute, etc. A valid and binding arbitration clause is therefore
needed in parties contracts. A very often and effective process is also the hybrid
arbitration processes of “med-arb”, where a relevant clause is needed. The legal seat
of arbitration is a key because it determines the law that will govern the conduct of
the arbitration proceedings and issues such as the availability of interim measures or
the likelihood of involvement (and interference) in the arbitration by the national
courts. Ad hoc international arbitrations are frequently governed by the law of the
seat only. By way of example, if the seat is Cyprus, the parties will follow the
Arbitration Act (Chapter 4) or the International Commercial Arbitration Law.
Small consumer claims, meaning claims up to 5000 euros (interest and expenses
not included) per product in every sales contract could be resolved in Cyprus
through arbitration44 according to the out of court resolution of consumers claim via
arbitration Law No 148 (I)/2015.45 This law aimed to harmonise the Cypriot
legislation with the European Directive 2013/11/EU of the European Parliament
and of the Council of 21 May 2013 on alternative dispute resolution for consumer
44
See: http://www.arbitration.com/blog/interaction-between-the-arbitration-act-and-the-con-
sumer-protection-act/. Posted on July 18th, 2017: “In the USA, the Arbitration Act allows for the
parties of a contract to agree to arbitration in the event that a dispute arises. However, the
Consumer Protection Act prohibits mandatory arbitration clauses in consumer agreements. These
contradictors results can create confusion. Basically, the interaction between these two acts is that
arbitration cannot be forced before a dispute arises. However, once the dispute is evident, the par-
ties can agree to arbitration. Consumer agreements includes an agreement between a merchant
that provides goods and services to an individual for personal or household purposes. The
Consumer Protection Act is premised on the idea that consumers may not be able to fully compre-
hend the implications of an arbitration clause before the goods or services are provided and not in
an equal position to merchants. However, by eliminating the ability to contract to arbitration
before a dispute arises, the end result may be to diminish consumer rights by preventing them from
entering into arbitration agreements that could help resolve consumer disputes. There are a num-
ber of advantages to participating in arbitration that consumers can benefit from. This includes
realizing a faster resolution of the case. Litigation is extremely time-consuming. It may take years
before a consumer protection claim goes to court. Arbitration may help resolve the claim in a frac-
tion of the time. Additionally, arbitration awards can usually not be appealed while verdicts can,
which further increases the amount of time that a claim can be pending. In litigation, complex rules
may be used, resulting in extensive discovery and months of reviewing documents and other evi-
dence. The parties in arbitration can agree to simplified rules so that the parties are on a more even
playing field. In arbitration, the parties can choose someone who has subject matter expertise
instead of be assigned a random judge with no particular sophistication in the case at hand”. See
also: http://www.reuters.com/article/bc-finreg-california-arbitration/california-may-curb-manda-
tory-arbitration-provisions-in-consumer-financial-contracts-idUSKBN1AI2KW (last access:
16/11/2017). “California may curb mandatory arbitration provisions in consumer financial con-
tracts. It should be no surprise then that California is taking action on arbitration provisions in
consumer contracts for financial products and services independently from the U.S. Consumer
Financial Protection Bureau, which issued its own final arbitration rule on July 10”.
45
Since the commencement date of Law 148(I)/2015, the Law 78(I)/2011 on the out-of-court set-
tlement of consumer claims via arbitration has been abolished, according to Article 41 of the of
Law 148(I)/2015.
380 A. Plevri
disputes and amending Regulation (EC) No 2006/2004 and Directive 2009/22/EC,

the so-called “Directive on consumer ADR”.46
Under the above law, a trader based in Cyprus may agree with a consumer who
is based in Cyprus or in another Member State of the EU, meaning in both domestic
and cross border contractual disputes on sales of goods or services, to resolve them
via arbitration. Under Article 3 (2), this law is not applicable, among others, in a
procedure that started from a trader/supplier against a consumer. The competent
state authority to manage this process and organise the Registry of the Traders who
agree to be involved in this consumer arbitration procedure and the Arbitrators
Registry is the Office for Competitiveness and Consumer Protection of the Cypriot
Ministry of Energy, Trade, Industry and Tourism.
The procedure starts by filling an application to the above Office on behalf of the
consumer. Before that, the consumer has to secure a written consent on behalf of the
other party, meaning the trader, that he agrees to this arbitration procedure, except if
the trader is already registered in the relevant Registry (Article 14 (1)). Article 27
(1) of the above law states that the arbitrator should deliver his/her award in 15 days
after the final hearing, and in any case the procedure should be over in a period of
90 days from the date that the competent Office received the full file of the claim.
There is of course a right (by the Office) to extend this period [Article 27 (5)]. When
it comes to the fees of the arbitrator, the first Annex of the above law states that these
should be paid by the applicant and it is 85 euro per case per arbitrator for each
consumer claim up to 2500 euros and 170 euro per case per arbitrator for each con-
sumer claim higher than 2500 euros.
It is worth noting that in general, the provisions of this law are quite similar with
those of the Law 85 (I)/2017 on the Online Dispute Resolution (ΟDR) of consumer
disputes, which is in force since July 2017.47 This law will be discussed further
below.
Finally, it should be noted that there is a lot of fair criticism on the failure of Law
148/2015 to convince businesses and traders to adapt arbitration as an ADR method.
4 Online Dispute Resolution: An Evolution in ADR
Online Dispute Resolution (ODR) is the alternative dispute resolution process

which is carried out online with the help of online technology. In a nutshell, one
could indeed claim that, in order to start a cross border litigation, a European lawyer
needs to know at least 10 EC regulations. Of course, there are other ways of dealing
with a cross border dispute, much easier to cope with. One solution could fall under
the Directive 2008/52 on mediation in civil and commercial matters. As already
stated, there is a huge debate about mediation and its pros and cons. For the time
46
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32013L0011 (last access:
15/11/2017).
47
7th of July 2017.
being, mediation is not delivering as expected at least in Cyprus (and Greece). Still,
there other ADR paths suitable for cross border cases. Such a mechanism is the
Online Dispute Resolution (ODR) which is established in several kinds of disputes
of a particular nature by the European Union and seems to actually work in several
cases of cross border disputes. An example of a category of disputes where the EU
has established ODR is the domain name disputes under the European code “.eu”.
This alternative to the costly and definitely lengthy solution of cross border liti-
gation exists since 2006 in the framework of the Regulation 874/2004, which estab-
lishes a unified EC-wide ADR procedure that is expeditious, fully digitalised,
harmonises the applicable law in question and sets aside all the problems connected
with cross border litigation. It is worth noting that since February 2006, the .eu ADR
Dispute Resolution Centre (also called Czech Arbitration Court (CAC)) operates
under the auspices of the European Union. The headquarters of the .eu ADR Centre
are situated in Prague, Czech Republic. Currently, it is the sole Dispute Resolution
Body dealing with complaints related to disputes arising from the use of .eu domain
names. The official web site of CAC is: https://www.adr.eu.48
5 A
lternative Dispute Resolution of Consumer Disputes:
ODR for EU Consumers—The ODR Platform—Settling
Consumer Disputes Online49
Consumer’s complaints or claims on goods or service they have bought could be

settled out of court using ADR methods. The term ADR includes all the ways of
resolving a complaint which do not involve court’s procedures. Typically, consum-
ers ask a neutral third party to act as a mediator between them and the trader; this
neutral third party is called an ADR entity. The ADR entity can then suggest or
impose a solution, or simply bring the parties together to discuss how to find a solu-
tion. This is also known as “mediation”, “conciliation”, “arbitration”, “ombuds-
man” or “complaints’ board”. Αs already stated, in comparison to litigation, ADR
methods are usually quicker, simpler and cost effective.
How European consumers are or could be helped by ODR when it comes to
consumer disputes in comparison to the traditional court proceedings?50 ODR is an
ADR procedure conducted entirely online.51
48
The basic operating principles of the .eu ADR Court are defined in Articles 22 and 23 of
Regulation 874/2004. These provisions provide for the possibility of adjudication through either a
single arbitrator or a three member arbitration committee [or Panel] (Article 23 § 2 para. A).
Publication of the decisions on the website of the provider [www.adr.eu] is mandatory. See also,
www.nic.cy for the Cypriot registry and www.gr for the Greek registry.
49
http://www.eccireland.ie/popular-consumer-topics/online-dispute-resolution-odr/ (last access:
16/11/2017)
50
Jeretina and Uzelac (2014), pp. 39–72.
51
See the Report of the ICC Commission on Arbitration and ADR on Information Technology in
382 A. Plevri
On the benefits of ADR/ODR, consumers and traders will be more confident in

trading online and across borders. In addition, this is a way for the consumers to
settle their disputes out of court in a simple, fast and low-cost way. Moreover, ADR/
ODR has the ability to contribute to the development of a new culture of out of
court, conciliatory dispute resolution between consumers and traders in the EU. This
way consumers will be encouraged to seek redress even for low-value purchases
and enforce their rights.
EU traders could and will benefit from ADR/ODR too. Currently, 60% of the EU
traders do not sell online to other countries because of the perceived difficulties of
solving a problem arising from such sales. ADR/ODR could save on costly court
proceedings, as well as maintain business reputation and good customer relations.
Moreover, the European Commission launched on the 15th of February 2016 an
online platform where consumers and traders can resolve online disputes arising of
purchases made online. This ODR platform offers a single point of entry that allows
consumers and traders across the EU to settle their disputes arising from both
domestic and cross-border online markets and purchases. Via this online platform,
disputes are channelled to national ADR bodies (providers) which are connected to
the platform and have been selected by the Member States according to quality
criteria and notified to the Commission. The ODR Platform is set up and maintained
by the European Commission. To allow consumers to file a complaint, online trad-
ers must provide an electronic link to the ODR Platform.52
This obligation entered into force on January 19, 2016, but the ODR Platform
was launched on February 15, 201653 to allow for a maximum geographical and
sectoral coverage across the European Union as Member States had first to assess
and notify to the Commission the national ADR entities. Around 162 Alternative
Dispute Resolution (ADR) bodies from 22 Member States are connected to the
Online Dispute Resolution (ODR) platform. The European Commission is working
with the Member States in order to achieve a full coverage of all Member States and
sectors as soon as possible. On average, it takes a maximum of 90 days for cases to
be solved.
The experience of European consumers who have used ADR tends to be positive:
70% were satisfied by the way their complaint was handled through this procedure.
This is an additional way for consumers to solve their disputes and does not replace
the possibility of going to court, which is however usually more costly and takes
longer. Thus, only 45% of consumers are satisfied by the way a court handled their
complaint.
Traders also benefit from this platform, as ADR procedures will help them avoid
costly litigation fees and maintain good customer relations. The legal basis for the
International Arbitration, https://iccwbo.org/publication/information-technology-international-

arbitration-report-icc-commission-arbitration-adr/.
52
https://ec.europa.eu/consumers/odr/main/index.cfm?event=main.home.show&lng=EN (last
access: 16/11/2017).
53
The ODR Platform is accessible here: https://ec.europa.eu/consumers/odr/main/index.
cfm?event=main.home2.show&lng=EN.
creation and establishment of the EU-wide ODR platform to facilitate online resolu-
tion of contractual disputes between EU consumers and traders over purchases
made online is the EU Regulation No 524/2013 of the European Parliament and of
the Council for the online resolution of consumer disputes54 (amending the EU
Regulation No 2006/2004 and the EU Directive 2009/22), which describes the main
functions of the platform, as well as the workflow for the disputes that are being
submitted through it. This EU ODR platform links all the ADR entities notified by
the Member States in line with the ADR Directive. Under the above legislation,
traders must also provide a link to the EU ODR platform on their website.55 The
platform is user-friendly, multilingual56 (“choose your language”), accessible to
all57 and on all types of devices. Everything is done in four, simple steps.
(i) At first, the consumer fills in an online complaint form on the platform in three
simple steps and submits it. The platform offers users the possibility to conduct the
entire resolution procedure online. Member States have to establish a national con-
tact point to provide assistance to users of the ODR platform. The list of these
national contact points is available on the ODR platform. The complaint is sent to
the relevant trader, who proposes an ADR entity to the consumer. (ii) Once con-
sumer and trader agree on an ADR entity to handle their dispute, the EU ODR. (iii)
The ODR platform transfers automatically the complaint to the quality dispute reso-
lution bodies communicated by Member States. (iv) The ADR entity handles the
case entirely online and reaches an outcome in 90 days.
Finally, it is worth to note that within the first year of use of the EU ODR plat-
form, the results were very positive. Ιn this period, over 24,000 consumer com-
plaints were filed, with more than one third of cross border transactions within the
EU. Most of the complaints and disputes were related to clothing, footwear, airline
tickets and information and communication technologies. Consumers across the EU
have available, since the launch of EU ODR platform, an effective method to resolve
disputes with traders. This could be noted as one of the benefits of the EU.
54
See the 2017 Report from the Commission to the European Parliament and the Council on the
functioning of the European Online Dispute Resolution platform established under Regulation
(EU) No 524/2013 on online dispute resolution for consumer disputes, https://ec.europa.eu/info/
sites/info/files/first_report_on_the_functioning_of_the_odr_platform.pdf.
55
So far, 260 ADR entities are enrolled on the EU ODR platform and 27 Member States have noti-
fied the European Commission that they have fully incorporated the EU Directive (2013/11) on
ADR for consumer disputes. Moreover, 24 Member States have sent the list of the certified ADR
entities and 27 Member States have appointed a national contact point. Source: synigoroska-
tanaloti.gr and https://www.eccgreece.gr/en/greek-european-consumer-centre/.
56
It allows consumers to submit their disputes online in any of the 23 official languages of the
European Union. A translation service is available on the platform to assist disputes involving par-
ties based in different European countries.
57
https://ec.europa.eu/consumers/odr/main/index.cfm?event=main.home.chooseLanguage (last
access: 16/11/2017).
384 A. Plevri
5.1 European Legislative Framework
The legal framework for consumer Alternative and Online Dispute Resolution is
established by the following acts58: (i) The Directive on Consumer ADR (ADR
Directive),59 (ii) the Regulation on Consumer ODR (ODR Regulation)60 and (iii)
the Commission Implementing Regulation on Consumer ODR61 (COMMISSION
IMPLEMENTING REGULATION (EU) 2015/1051 of 1 July 2015 on the modali-
ties for the exercise of the functions of the Online Dispute Resolution platform, on
the modalities of the electronic complaint form and on the modalities of the coop-
eration between contact points provided for in Regulation (EU) No 524/2013 of the
European Parliament and of the Council on online dispute resolution for consumer
disputes).
5.1.1 EU Directive 2013/11/EE
The EU Directive 2013/11 of the European Parliament and of the Council on ADR
for consumer disputes62 ensures that EU consumers can turn to an ADR entity for all
their contractual disputes in virtually all economic sectors with traders no matter
where (domestically or across borders) and how (online/offline) the purchase was
made. It furtherly ensures that the ADR entities notified to the Commission by
Member States will offer a high quality service and will respect core principles,
such as impartiality, transparency, effectiveness and fairness.63
The ADR Directive reserves that consumers have access to ADR for resolving
their contractual disputes with traders. Access to ADR is ensured no matter what
product or service the consumer has purchased (only disputes regarding health and
higher education are excluded), whether the product or service was purchased
online or offline and whether the trader is established in the consumer’s Member
State or in another one.64 This Directive also established binding quality require-
ments for dispute resolution bodies offering ADR procedure to consumers. Member
58
See the EU legislation on Alternative and Online Dispute Resolution at: http://ec.europa.eu/con-
sumers/solving_consumer_disputes/non-judicial_redress/adr-odr/index_en.htm (last access:
16/11/2017).
59
https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2013:165:0063:0079:EN:PDF.
60
https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2013:165:0001:0012:EN:PDF.
61
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32015R1051&from=EN.
62
Directive 2013/11/EU of the European Parliament and of the Council of 21 May 2013 on alterna-
tive dispute resolution for consumer disputes and amending Regulation (EC) No 2006/2004 and
Directive 2009/22/EC (Directive on consumer ADR), OJ L 165, 18.6.2013, pp. 63–79 (adopted
together with the Regulation).
63
See further, Europa webpage: Alternative and Online Dispute Resolution (ADR/ODR) http://
ec.europa.eu/consumers/solving_consumer_disputes/non-judicial_redress/adr-odr/index_en.htm.
64
http://ec.europa.eu/consumers/solving_consumer_disputes/non-judicial_redress/adr-odr/index_
en.htm (last access: 16/11/2017).
States’ competent authorities, after their assessment, communicate to the European

Commission the list of national dispute resolution bodies.65
Οn the 29th of May 2017, the European Commission has announced the Results
of the Fitness Check of consumer and marketing law and of the evaluation of the
Consumer Rights Directive. The European Commission has completed its Fitness
Check of consumer and marketing law66 and the evaluation of the Consumer Rights
Directive. (Press release; factsheet).67 The evaluations confirm that in general con-
sumer law remains fit for the purpose. When applied effectively, the existing rules
tackle the problems that European consumers are facing today, also in online mar-
kets. However, findings also point to the need to improve awareness, enforcement of
the rules and redress opportunities to make the best of the existing legislation. In
addition, the evaluation shows targeted legislative changes to address certain identi-
fied shortcomings of the Directives could be beneficial. For example, in light of
recent developments in the digital economy, one such change could be enhancing
the transparency of online platforms. Another could be introducing EU-level rights
to remedies (such as right to terminate the contract or to receive a refund of the price
paid) for victims of unfair commercial practices, in view of the still relatively high
occurrence of such practices.
Μoreover, a Fitness Check follow-up actions, updated in October 2017, was
announced. Based on these evaluations of EU consumer law, the Commission is
assessing the need for possible changes in legislation. To this end, the Commission
published in June 2017 an Inception Impact Assessment on targeted revision of EU
consumer law directives and related consultation strategy. In addition, the
Commission published in October 2017 an Inception Impact Assessment68 on the
revision of the Injunctions Directive and related consultation strategy and will pre-
pare an impact assessment, and, if necessary, present legislative proposals.
The Commission carried out the following consultations for this Impact
Assessment: (i) Online public consultation for 14 weeks (June–October 2017), (ii)
SME panel survey (July–September 2017), (iii) structured discussions with Member
States authorities and experts also via specific surveys within DG JUST networks
such as Consumer Protection Network (CPN—national ministries); Consumer
Protection Co-operation network (CPC—consumer protection enforcement author-
ities), European Consumer Consultative Group (ECCG—national consumer asso-
ciations), European Judicial Network (EJN), (iv) continuation of the targeted
consultation of the consumer and business organisations in the framework of the
REFIT Stakeholder Consultation Group, and (v) targeted consultations of relevant
stakeholders including consumer and business organisations.
65
https://ec.europa.eu/consumers/odr/main/index.cfm?event=main.adr.show.
66
https://ec.europa.eu/info/live-work-travel-eu/consumers_en.
67
http://ec.europa.eu/newsroom/just/item-detail.cfm?item_id=59332 (last access: 16/11/2017).
68
https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2017-5324969_en.
386 A. Plevri
5.1.2 EU Regulation 524/2013
The EU Regulation 524/2013 of the European Parliament and of the Council for the
online resolution of consumer disputes is based on the EU Directive 2013/11 of the
European Parliament and of the Council on ADR for consumer disputes (amend-
ment of the EU Regulation No 2006/2004 and the EU Directive 2009/22), which
provides consumers with access to ADR methods on the resolution of contractual
disputes with traders.
The Regulation is directly applicable and valid in the entire Union since it went
into force on January 19, 2016. The regulation states that the European Commission
develops and operates the ODR Platform (Art. 5 Regulation). The specific functions
of the platform, as well as the entire process for form filing and processing a com-
plaint to its resolution are also set out in the Regulation (Art. 5 No. 4 and Art. 7-10
Regulation).
Businesses established in the EU which sell goods or services to consumers
online need to comply with the ADR/ODR legislation. Under the heading “Consumer
Information” in Article 14, there is the important obligation to provide an electronic
link on the website to the ODR platform is set out. Thus, online traders that commit
or are obliged to use ADR must inform consumers of the dispute resolution body/
bodies by which they are covered. They should do this on their websites and in the
general terms and conditions of sales or service contracts. More specifically, they
are required to provide a link (i.e., http://ec.europa.eu/odr) from their website to the
ODR platform. To signpost the ODR platform, traders can use the following click-
able web-banners that are available in the different EU languages.
These obligations cover the followings: (i) Traders established in the Union
engaging in online sales or service contracts, and online market places established
in the Union (para 1). They must make the link easily accessible and include their
own e-mail addresses. (ii) Traders established in the Union engaging in online sales
or service contracts, who are committed or obliged to use one or more alternative
dispute resolution entities (“ADR entities”) under Art. 4(1) Directive 2013/11/EU
(para 2). If an offer is made by e-mail, then the link to the ODR Platform must also
be included in the e-mail. Where applicable, the information must comply with the
general terms and conditions for online sales and service contracts. For traders (para
1 and para 2), the link must be easily accessible, but there are no precise require-
ments on the placement of the link on the website. The term “easily accessible”
should of course be interpreted in uniform manner throughout the EU, which means
that ultimately the ECJ has to provide some guidance in this respect.69
It is worth to note that in Germany, online traders were rather reluctant to comply
by placing a link to the ODR Platform on their websites. Yet, a relatively recent
judgement by the district court of Bochum70 is likely to change that. The District
Court of Bochum has ruled that an online trader who does not provide a link to the
69
See: https://www.whitecase.com/publications/article/online-traders-new-obligation-eu-
provision-link-online-dispute-resolution-odr.
70
District Court of Bochum, No: 14 O 12/2016.
ODR Platform infringes on Unfair Competition Law and is prohibited from further
trading online.
In the judgment by the District Court of Bochum, an online trader for watches
(applicant) requested a preliminary injunction by the court against another online
trader of watches (defendant) who did not include a link to the ODR Platform. The
preliminary injunction was granted. The court held that the defendant was obliged
to include an easily accessible link as of January 9, 2016—when the Regulation
went into force—although the ODR Platform was not online at the time (it was
launched on February 15, 2016). Since the defendant did not provide such link, they
violated Sect. 3a of the German Unfair Competition Act in connection with Article
14 para 1 sentence 1 of the Regulation (No) 524/2013. The above decision of the
district Court of Bochum provides an outlook of how German courts will tackle
non-compliance with the Regulation. According to Article 18 of the Regulation, it
is for each Member State to decide on applicable penalties for infringements of the
Regulation; yet they must be effective, proportionate and dissuasive. However, as
mentioned above, it is unclear where the link must be placed on the website.
Ultimately, this is for the ECJ to determine. In any case, the major task for online
traders is to include the link to the ODR Platform in an easily accessible way on the
website to comply with the Regulation.
Finally, the above Regulation is directly applicable in all EU Member States (no
transposition into national law is necessary) and therefore directly obliges online
traders to follow the rules therein.
5.2 ODR for Consumers in Cyprus
Law 85 (I)/2017 is the applicable law of Cyprus regarding online alternative resolu-
tion of consumer disputes. This act has entered into force since July 2017 (7.7.2017)
and sets the framework for consumers to make voluntary complaints against traders
to bodies providing independent, impartial, transparent, effective rapid and fair
alternative dispute resolution procedures in Cyprus. The competent state authority
for the control and approval of alternative dispute resolution entities in accordance
with the requirements of the legislation is the Consumer Protection Service of the
Cypriot Ministry of Energy, Trade, Industry and Tourism.71 The site of the Consumer
Protection Service of the Cypriot Ministry of Energy, Trade, Industry and Tourism
informs the consumers of Cyprus for the legal obligations of the online shops, for
ADR as a method of resolving disputes and for the EU ODR platform also. In this
framework, if a consumer who is a resident of the Republic of Cyprus wishes to
apply to an ADR entity in order to resolve a consumer dispute with a trader located
in the Republic, then he/she can contact directly an ADR entity based in the Republic
71
http://www.consumer.gov.cy/mcit/cyco/cyconsumer.nsf/All/B234AC4A5ABED7C5C2257F16
002B5F9B?OpenDocument.
388 A. Plevri
which is approved by the competent authority and listed in the ADR entities pursu-
ant to Article 21 (1) of Law 85 (I)/2017.72
However, if the consumer resides in the Republic of Cyprus but the trader is
established in another EU Member State, then the consumer may refer to an ADR
entity in Cyprus73 or in another EU country through the European Commission’s
E-Dispute Resolution Platform. Currently in Cyprus, there are the following ADR-
ODR entities for consumer disputes: (i) Cyprus Consumer Center for Alternative
Dispute Resolution, (ii) Cyprus Technical Chamber (ETEK) Alternative Dispute
Resolution Centre (ETEK ADR Centre) (iii) Interdisciplinary Centre for Law,
Alternative and Innovative Methods (ICLAIM) and (iv) the Office of the
Commissioner of Electronic Communications and Postal Regulation.
5.3 ODR for Consumers in Greece
In Greece, an important and total reform of the mediation law in civil and commer-
cial disputes took place in January of 2018. The (new) mediation Law
4512/17.01.2018 has substantially amended the previous law in force (3898/2010).74
Articles 178–206 of the law regulate the new mediation landscape. In the mediation
law of 2018 in Greece, there are provisions (Article 182) that introduce compulsory
mediation on seven categories of private law disputes,75 as a pre-trial procedural
condition before the court’s hearing (condition of admissibility of the hearing).
Failure to engage in a mediation “attempt” is sanctioned with inadmissibility of the
hearing proceedings. The attorney-at-law of the claimant is required to inform the
party about the possibility or the obligation to resort to mediation. Regardless of the
result, a respective document signed by the party and the attorney-at-law must be
submitted to the court, otherwise the latter will not enter into the merits of the hear-
ing of this dispute and a reopening of the case will be ordered.
The reform of mediation legislation in Greece and especially the fact that
attorneys-at-law are compelled by the law to inform in writing their clients about
mediation and promote mediation as an ADR mechanism before filling any sort of
legal action, as well as the provisions on the compulsory pre trial mediation in spe-
cific categories of disputes, aims to promote and establish mediation in the Greek
legal system and that way to reduce delays in the court system; moreover, to harmo-
72
See: http://www.consumer.gov.cy/mcit/cyco/cyconsumer.nsf/All/763E35ABFEF8EC1CC22582
D4004539AD?OpenDocument.
73
See https://ec.europa.eu/consumers/odr/main/?event=main.adr.show2.
74
Law 3898/2010 titled “Mediation in civil and commercial matters” implemented in Greece the
Directive 2008/52/EC of the European Parliament and the Council of 21 May 2008 on certain
aspects of mediation in civil and commercial matters. On the mediation landscape in Greece under
Law 3898/2010, see in detail, Diamantopoulos and Koumpli (2015), pp. 313–343 and Theocharis
(2015).
75
The provisions of the new mediation law on the compulsory pre-trial mediation will take effect
in 17.10.2018 in Greece.
nise more with the European Mediation Directive. The Greek legislator is trying
actually to put into force in Greece the “Italian mediation model” on compulsory
mediation, which has shown successful results so far.76
The provisions of the mediation Law 4512 of 2018 for compulsory pretrial medi-
ation was about to come into force in Greece as of 17 October 2018, but a more
recent law (No 4566/2018) was enacted and delayed these provisions from taking
effect until September 2019. This legislative development was actually a result of an
opinion of the Administrative Plenary Session of the Supreme Court of Greece (No
34/2018) on the mandatory recourse to mediation in which it was stipulated that
compulsory mediation as a pretrial condition is not compatible with specific provi-
sions of the Greek Constitution and EU Law.77 More specifically, that the above law’s
provision for compulsory mediation is in violation of the right of access to justice,
since mandatory mediation comes at a cost which is deemed excessive.78
The legislative framework of ODR for consumer disputes in Greece is based on
the EU Directive 2013/11/ΕΕ, the EU Regulation 524/2013,79 the 2012/1051
Regulation and a joint decision of the Ministries of Economy and Justice, No
70330/9.7.201580 regarding arrangements on the adoption in the Greek legal order
of the EU Directive 2013/11/EU on alternative dispute resolution for consumer dis-
putes and the adoption of additional national measures implementing EU Regulation
524/2013 on the online resolution of consumer disputes.
The EU ODR platform has officially begun to resolve its first cases in Greece. Α
consumer who buys online purchases can now file his complaint via the platform
regarding any trader based in the European Union. In this way, the consumer and the
trader may resolve their dispute out of court via an approved resolution ADR entity
registered in the Register of Bodies of the Ministry of Development and notified to
the European Commission.
As an example in one case, a consumer from Spain bought online books from a
large Greek publishing house. The delivery of the products was delayed and the
76
See further analysis and statistics on the Italian model at Giovanni (2017).
77
See further, Review of Civil Procedure, Volume 3/2018, Sakkoulas Publications, pp. 287–325
with comments by Assistant Professor Giannopoulos P., pp. 325–330 (in Greek), Journal
Arbitration & Mediation and other ADR Methods, Volume 1/2018, Nomiki Bibliothiki S.A.,
pp. 99–131 (in Greek) with comments by Judge of the Supreme Court Loverdos D., pp. 131–132
and the Memo of the Plenary Session of the Presidents of the Bar Associations of Greece to the
Administrative Plenary Session of the Supreme Court of Greece, (28.06.2018), available at: www.
dsa.gr%2Fsites%2Fdefault%2Ffiles%2Fnews%2Fattached%2Fdiamesolavisi-ypomnimashe
dio_2_28.6.2018.
78
Regarding the relationship of compulsory mediation and EU law, see the CJEE’S decision on
case C-75/16 Livio Menini and Maria Antonia Rampanelli v. Banco Popolare Società Cooperativ,
https://curia.europa.eu/jcms/upload/docs/application/pdf/2017-06/cp170062en.pdf.
79
The above EU Directive and Regulation provide for two basic obligations for e shops: (a) to
provide a link on their website (https://webgate.ec.europa.eu/odr), to inform consumers and (b) to
provide the address of their email in order any consumer complaints to be able to be sent to the
traders via the EU platform.
80
See Komnios (2016), p. 244, https://www.lawspot.gr/nomikes-plirofories/nomothesia/koini-
ypoyrgiki-apofasi-70330oik-972015 (in Greek).
390 A. Plevri
consumer refused to receive the books. The trader attributed the delay to the Spanish
post office, which delayed delivery. This delay forced the consumer to buy the books
from another supplier. The consumer did not accept the reason for the delay of the
Spanish post office and demanded a full refund of the money he has paid to the
Greek trader. The latest offered a discount on the value of the products, which the
consumer refused on the basis that he had already bought other books. With the
intervention of was appointed by an ADR entity, the trader agreed to return the
money. In addition, the cost of the post expenses was shared by the two parties.81
In another case, a consumer from Luxembourg complained about a car that he
rented online from a supplier in Greece. The EU ODR platform sent the complaint
to the competent ADR body in Greece. The dispute was settled within 60 days. The
supplier refunded the full amount to the consumer.82
In Greece, the accredited (according to the provisions of the EU Directive) so far
ADR entities connected to the EU ODR platform are four: (i) the Independent
Authority “Consumer’s Ombudsman” on all commercial sectors,83 (ii) the Mediator
for Banking-Investment Services on the financial services industry, (iii) the ADR
POINT IKE84—Center of Alternative Dispute Resolution on all commercial sectors,
with the exception of the categories explicitly mentioned in Art. 2 par. 2 of the Joint
Ministerial Decision and (iv) the European Institute for Conflict Resolution85 on all
commercial sectors, with the exception of the categories explicitly mentioned in
Art. 2 par. 2 of the Joint Ministerial Decision.
6 Conclusion
The legislative framework of ADR and that of ODR in the EU and in Cyprus, as
well as the connection of ADR-ODR to consumer disputes and its opportunities
especially in comparison to the ordinary judicial proceedings were analysed in the
above chapters. A synopsis of the advantages of the ODR process as and ADR
method for the consumers could include the following: Firstly, the parties can antic-
ipate a resolution of their dispute within 90 days and complete all formalities
through the web, by using the EU ODR platform. Secondly, the parties and their
81
http://www.opemed.gr/?p=2923 (in Greek).
82
Another example: https://www.lawspot.gr/nomika-nea/epityhis-diamesolavisi-meso-tis-platfor-
mas-ilektronikis-epilysis-diaforon-tis-ee-kai (in Greek).
83
The Independent Authority of the “Consumer’s Ombudsman” has joined the EU ADR platform
since 15 February 2016 and achieved the electronic resolution of all disputes transmitted through
it, with an average resolution time of 48 days (under the regulation there is a period of 90 days for
this process). 75% of complaints were domestic and 25% were cross-border. The European
Consumer Center of Greece as a contact point, answered 72 questions coming from consumers and
suppliers, most of which concerned e-shop obligations and the online mediation process (average
response time of 3.66 days). Source: synigoroskatanaloti.gr.
84
https://www.adrpoint.gr/ (in Greek).
85
http://www.europeanresolution.com/en/european-institute-for-conflict-resolution/.
lawyers are not obliged to be actually present during the process. Thirdly, the parties
are in full knowledge of the process. The policies, practice, rules and regulations are
available online in all EU official languages and transparency is achieved to its
maximum. Lastly, the parties are not dependent on any international jurisdiction
rules, they can select any lawyer they wish to, irrespectively of his/her place of ori-
gin and the place that (s)he practices the profession so they are saved from extra
legal fees, necessary for litigation abroad. It is also of high importance, especially
in terms of time and cost efficiency that there are no remedies and there is no right
to appeal, etc.
References
ADR and Civil Justice, CJC ADR Working Group Final Report, November 2018, Section 3:
Τhe types of ADR available, 3.6. Available at: https://www.judiciary.uk/announcements/
new-report-on-alternative-dispute-resolution/
Aubrey-Johnson K, Curtis H (2012) Making mediation work for you, a practical handbook. Legal
Action Group, London
Civil Justice Council, ADR Working Group, ADR and Civil Justice (Interim Report, October 2017),
15–16 and for Overseas 41–48. https://www.judiciary.gov.uk/wp-content/uploads/2017/10/
interim-report-future-role-of-adr-in-civil-justice-20171017.pdf
Diamantopoulos G, Koumpli V (2015) Mediation: the Greek ADR journey through time. In:
Esplugues C, Marquis L (eds) New developments in civil and commercial mediation. Ius
Comparatum - global studies in comparative law, vol 6. Springer, Cham, pp 313–343
Emilianides A, Charalampides N (2014) Cyprus. In: Esplugues C et al (eds) Civil and commercial
mediation in Europe, vol II. Intersentia, Antwerp, pp 103–123
Emilianides A, Xenofontos X (2012) Mediation in Cyprus. In: Esplugues C, Iglesias JL, Palao
G (eds) Civil and commercial mediation in Europe: national mediation rules and procedures.
Ιntersentia, Cambridge, pp 92–94
Georgiades A (2012) Cyprus. In: De Palo G, Trevor M (eds) EU mediation law and practice.
Οxford University Press, Oxford
Georgiades A (2014) In: Schonewille M, Schonewille F (eds) The variegated landscape of media-
tion. Eleven International Publishing, The Hague
Giovanni M (2017) Civil mediation how to kick start it: the Italian Experience. The relevance of
training. http://www.academia.edu/35125411/ADR_Matteucci_2017.10.30_Civil_mediation_
how_to_kick-start_it_the_Italian_experience._The_relevance_of_training and http://www.
altalex.eu/content/civil-mediation-how-kick-start-it-italian-experience
Hatzimihail N (2013) Cyprus as a mixed legal system. J Civ Law Stud 6(1). http://digitalcommons.
law.lsu.edu/jcls/vol6/iss1/3
Hopt K, Steffek F (eds) (2013) Mediation. Principles and regulation in comparative perspective,
1st edn. Oxford University Press, Oxford
Jeretina U, Uzelac A (2014) Alternative dispute resolution for consumer cases: are divergences an
obstacle to effective access to justice? Mednarodna revija za javno upravo XII(4):39–72
Kaisis A (2018) The award of justice in years of alternative dispute resolution and disruptive
technologies, Law without borders, Τhessaloniki, 2days Conference in honor of the Honorary
Professor Athanasios Kaisis, Sakkoulas Publication (in Greek)
Komnios K (2016) The implementation of the consumer ADR directive in Greece. J Eur Consum
Mark Law (EuCML) (6):244–249
Levitt R (2017) Compulsory mediation edges closer after Civil Justice Council report,
October 23, 2017. https://www.linkedin.com/pulse/compulsory-mediation-edges-closer-
after-civil-justice-roger-levitt/?trk=v-feed
392 A. Plevri
Plevri A (2018) Mediation in Cyprus: theory without practice, Cyprus Review, Spring 2018, vol
30, number 1. Published by the University of Nicosia
Report (2017) from the Commission to the European Parliament and the Council on the function-
ing of the European Online Dispute Resolution platform established under Regulation (EU) No
524/2013 on online dispute resolution for consumer disputes. https://ec.europa.eu/info/sites/
info/files/first_report_on_the_functioning_of_the_odr_platform.pdf
Report (2017) on the implementation of Directive 2008/52/EC of the European Parliament and
of the Council of 21 May 2008 on certain aspects of mediation in civil and commercial mat-
ters (the ‘Mediation Directive’), of the Committee on Legal Affairs of the EU. Rapporteur:
Kostas Chrysogonos. http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//
TEXT+REPORT+A8-2017-0238+0+DOC+XML+V0//EN#title1
Report of the ICC Commission on Arbitration and ADR on Information Technology in International
Arbitration. https://iccwbo.org/publication/information-technology-international-arbitration-
report-icc-commission-arbitration-adr/
Rewald R (2014) Mediation in Europe: the most misunderstood method of alternative dispute reso-
lution, World Arbitration Report, New York City: Weil, Gotshal & Manges LLP, Spring 2014,
14. Available at: https://www.weil.com/~/media/files/pdfs/WWAR_Newsletter_Spring2014.
pdf
Tang S (2014) Mediation in China. http://www.adrmaremma.it/english/tang01.pdf
Theocharis D (2015) Mediation as an alternative dispute resolution method. Analysis of law
3898/2010. Nomiki Bibliothiki Publishers (in Greek)
Tymowski J (2016) The Mediation Directive, European Implementation Assessment, in-depth
analysis. European Parliamentary Research Service, Brussels. Available at: http://www.
europarl.europa.eu/thinktank/en/document.html?reference=EPRS_IDA(2016)593789
Walker S (2016) Setting up a business as a mediator. Bloomsbury Professional
Walker S (2017a) Mediation advocacy: representing clients in mediation. Bloomsbury Professional
Walker S (2017b) FAQs for mediators. Bloomsbury Professional

EU Internet Law in The Digital Era Regulation and Enforcement

Uploaded by

Copyright:

Available Formats

You might also like

EU Internet Law in The Digital Era Regulation and Enforcement

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

EU Internet Law in The Digital Era Regulation and Enforcement

Uploaded by

Copyright:

Available Formats

Tatiana-Eleni

Christiana Markou Thalia Prastitou

ISBN 978-3-030-25578-7 ISBN 978-3-030-25579-4 (eBook)

© Springer Nature Switzerland AG 2020

for unfair commercial practices, simplifications for businesses, transparency

Nicosia, Cyprus Tatiana-Eleni Synodinou

Part I Copyright Law and the Internet

Part II Emerging Technologies and New Digital Challenges

Part III E-commerce and Online Consumer Protection

Francesco Banterle Hogan Lovells Studio Legale, Milan, Italy

© Springer Nature Switzerland AG 2020 3

of copyrighted material on platforms led to dramatic economic losses in sale, etc.

2.1 Commission Proposal

The Commission’s proposal refers to “information society service providers that

Art. 14 of the E-commerce-Directive will not be applicable anymore, which is

Cf. below Sect. 2.5.1.

Moreover, Art. 13.4 of the Copyright Directive repeats the notice-and-take-down

2.3 The Battle in the EP and the Final Vote

work uploaded by their users, an act of communication to the public.14 As a refer-

2.3.1 The Definition of “Online Content Sharing Service Provider”

Measures to be Taken by Providers Another important and heavily debated cor-

2.4 The Final Compromise of the “Trilogue”: The New Art. 17

authorization of all rightholders, see above.

Still, however, many services will be covered, ranging from YouTube to

CJEU, GS Media BV v Sanoma Media Netherlands BV et al., Case C 160/15, Judgment of 8

European Commission, Tackling Illegal Content Online—Towards an enhanced responsibility of

online platforms, COM(2017) 555 final.

“unauthorised acts of communication to the public”; if limitations are applicable,

Complaint Mechanisms and Dispute Resolution The final compromise follows

At the same time—and somehow serving as a background—the CJEU increasingly

This extension of direct liability by interpreting the “public” in a wide manner

3 Access Providers, WiFis, and Injunctions

3.1 European Setting

BGH, Urt. v. 21.9.2017, GRU 2018, pp. 178, 187, Recital 78.

Case C 70/10, Judgment of 24 November 2011, Recital 50.

is allowed by EU law, in particular by Art. 8.3 of the InfoSoc-Directive and Art. 11

3.2 Legal Reform in Germany

As mentioned, all developments circle around the difficult multipolar relationship

T.-E. Synodinou (*)

© Springer Nature Switzerland AG 2020 27

legal protection of computer programs.7 As stated in the Report, Articles 6 and 8 of

2.2 “ Lawful Use” in the Temporary Copy Exception

The concept of “lawfulness” is also present in the Directive on Copyright in the

s­ubscriber-­consumer of an online content service who, based on contract with a

3 Who Is a Lawful User?

3.2 Flexibility as a Necessary Component of “Lawful Use”

parties”, “honesty”, “reasonable results”, “fair framework”, the de minimis rule or

In light of the above, it is essential for these norms to be assigned a specific

Westkamp (2008), p. 55.

courts might intervene in exceptional cases to safeguard a fundamental right (free-

1 The Right of Communication to the Public

© Springer Nature Switzerland AG 2020 61

Another criterion considered by the CJEU is whether the user/defendant merely

Media, C 160/15.24 In SGAE, C 306/05, Football Association Premier League and

2 Communication to the Public and Linking

2.1 Svensson and Others, C 466/12

2.2 BestWater, C 348/13

2.3 GS Media, C 160/15

Nicosia, Cyprus Tatiana-Eleni Synodinou

Part I Copyright Law and the Internet

Part II Emerging Technologies and New Digital Challenges

Part III E-commerce and Online Consumer Protection

2.1 Commission Proposal

2.3 The Battle in the EP and the Final Vote

2.3.1 The Definition of “Online Content Sharing Service Provider”

2.4 The Final Compromise of the “Trilogue”: The New Art. 17

3 Access Providers, WiFis, and Injunctions

3.1 European Setting

3.2 Legal Reform in Germany

2.2 “ Lawful Use” in the Temporary Copy Exception

subscriber-consumer of an online content service who, based on contract with a

3 Who Is a Lawful User?

3.2 Flexibility as a Necessary Component of “Lawful Use”

1 The Right of Communication to the Public

2 Communication to the Public and Linking

2.1 Svensson and Others, C 466/12

2.2 BestWater, C 348/13

2.3 GS Media, C 160/15

3 Linking after GS Media, C 160/15, Before National Courts

4 Conclusion: Clarity Still Needed

2 Fundamental Rights in EU Copyright: So Far

h armonization, can then be argued to constitute the exercise by the EU legislator on

3 Fundamental Rights Out of the Box

3.1 Three German References

3.2 Discretion for Implementation

3.3 Arguing Inside the Rules

3.3.1 Extending the Scope of E&L

3.3.2 Setting Limits to the Scope of Exclusive Rights

3.4 Arguing Outside the Rules

3.4.1 The Scope of Exclusive Rights

3.4.2 Permitting Expression and Information: And (Too?) Much More

anuscripts that reveal the questionable position on a sensitive issue of a member

2.1 The Legal and Economic Background

2.2.1 Germany: An Adventurous Legal Story and its End

2.2.2 Spain: Following the Path of Limitations

3.1 Two Sides of the Same Arguments

3.2 Missing Causality and Burden of Proof

3.3 Diminishing or Maximizing Uncertainties?

3.4 The Pie Theory and the Impact on Authors’ Shares

2.1 Dualistic Approach

2.2 Monistic Approach

4 Redundancy: Connecting Points of Both Rights

2 Copyright Exhaustion and Cross-Border Trade

3.1 Exclusive Rights Versus the Internal Market

3.2 Exhaustion Under the EU Directives

4 Extending Exhaustion to the Digital Environment

4.1 Copyright Perspective

3.1 Information Protection in the Digital Age

3.2 Trade Secrets Directive and Civil Liability