IP and Privacy Rights as Fundamental Rights

March 25, 2021

Izabela Konopacka

The three sources of fundamental rights in the European Union undoubtedly reflect the complicated nature of the Union’s legal system.

Firstly, since the 1960s there has been continual development of a system of fundamental rights protection based on the general principles taken from Member State Constitutions. In turn, we can find them in the Court of Justice of the European Union’s jurisprudence.

Secondly, the Union has adopted its own Fundamental Rights in the form of the Charter of Fundamental Rights, which as a „written Bill of Rights” offers EU citizens a structured set of rights and makes it easier to use them.

Thirdly, there is a system of fundamental rights protection based on the European Convention on Human Rights. This directly affects the Member States and indirectly the EU system as a whole.  Following the Lisbon Treaty, the EU’s ability to become a party to the Convention was confirmed. However, as we all know, it has not been accepted yet, therefore, we cannot make a complaint to the Court of Human Rights against the EU because it is not a signatory to the Convention.

  1. Human Rights/Fundamental Rights involved

When it comes to how our fundamental rights are protected under the Charter and Convention we see the overlap between the two treaties. Furthermore, these have been interpreted and expanded by the Court of Human Rights. The EU, for example, has developed fundamental rights into legislation showing some of the differences between the institutions.

For example, Article 10 of the Convention protects our right to have our own opinions and to express them freely without government interference, Public protest, Freedom of the press and the same rights are mirrored under article 11 of the Charter

Article 8 of the Charter sets out the right to the protection of personal data, but the EU carries this further with, a whole range of specific protection such as the GDPR. The Convention expresses this differently, where the Court on Human Rights has emphasised that Article 8 includes private and family life, home, and correspondence including mail, telephone communications and e-mails in the workplace.

The ‘freedom to conduct a business’ in the charter on human rights, article 16  has been recognised by the CJEU to exercise an economic or commercial activity as we might expect.  However, because the Convention also applies to legal entities, their rights are protected too.

Having said this, there is an established concern about the standard of protection given at supranational level as well as the concern if and how the CJEU should allow Member States to apply their own, national, standard of rights protection as different from the EU standard when a situation falls within the scope of EU law remains controversial.

The above point was addressed in Melloni (C-399/11) where the CJEU gave its opinion on the primacy and uniformity of EU law. The case highlighted the difficult nature of rights protection in the EU. However, it also showed that the CJEU admitted that the level of protection for fundamental rights, for example, a right to a fair trial, may be lower than the level of protection guaranteed by the Convention because of the supremacy of EU law.

The above case also shows the differences between the two European Courts, while the Court on Human Rights interprets the Convention’s rights as a minimum standard, the EU mainly interprets EU rights standard as a maximum. Perhaps the jury is still out, and I should ask the rhetorical question. When it comes to human rights in Europe, are there really two rules and two protections?

  1. Protection of copyrighted work on the Internet and Service Provider Liability

We are all aware of the development of the Internet with new IT technologies contributing to largely uncontrolled exploitation of property protected by IP rights, including materials covered by copyright protection.

Apart from the problem of copyright infringement by individual Internet users or just end-users. There is the issue of the liability of businesses providing services on the Internet, who do not use the materials themselves but make the technical infrastructure available that enables their transmission, storage and use – and so contribute to copyright infringement.

As a response to this, the Electronic Commerce Directive (2000/31/EC) was intended to provide so-called “legal security”  by ensuring effective copyright protection on the Internet, but also safeguarding the interests of internet service providers.

Under Polish jurisdiction, the issue of liability for infringement of third party rights including copyright by service providers operating online is governed by the Provision of the Electronic Services Act of 18 July 2002. (Journal of Laws of 2002, No. 144, item 1204, as amended).

Under this statute, businesses providing services by electronic means are not obliged to verify the data they transfer, store or make available in terms of potential violations. At the same time, the act provides, like the Directive, liability exemptions which differ depending on the category of services provided. i.e. ‘mere conduit’ or pure transmission, caching and hosting.

It should be noted that the Polish Provision of Electronic Services Act substantially modifies the rules contained in The Electronic Commerce Directive on excluding liability for copyright infringement by service providers that provide hosting services.

In addition to the above statute, specific rules governing the use of copyrighted works by ISPs are set out in the Copyright and Related Rights Act of 4 February 1994. (Journal of Laws of 1994, No. 24, item 83).

It should be noted that the Polish legal system does not contain regulations typical of the “fair use” doctrine. However, It recognises the concept of  ‘permitted use’ and provides that no case of permitted use can infringe the ordinary use of the work or violate the legitimate interests of the author.

The most important cases of permitted use that are set out in the Act include amongst others:

  • personal use;
  • temporary reproduction, if it is of a transitory or incidental nature, having no independent economic significance but constituting an integral and fundamental part of a technological process the purpose of which is to enable: transmission of a work through the data transmission system between third parties by an intermediary; or the lawful use of a work;
  • the use of works listed in the statute for information purposes (reproduction, dissemination);
  • the use of works by educational and research institutions for teaching and research purposes;
  • the right to quote;
  • the exhibition of artistic work by the owner of a copy (exhibiting);

It should also be made clear that Polish copyright law is based on the Latin model, which provides for the legal protection of personal copyright as well as the creator’s economic (property) copyright. Only the latter one is negotiable, which works by way of an assignment of rights. The personal copyright cannot be taken away.

Within this context, there was an interesting case of the alleged infringement of copyrighted work which was a photograph recently commented on in the Polish media concerning a famous blogger,  the daughter of our former Prime Minister Donald Tusk -Make Life Easier.

This is a typical blog that could be described as a mixture of fashion and interior design with a healthy lifestyle and healthy eating recommendations.

On the last day of December Kasia (that’s the name of the blogger) informed her readers that the photo of her bedroom window that she had taken and posted on Instagram was subsequently used without her knowledge and permission by ZARA HOME for a campaign. The picture had been modified by the Zara Home and the company displayed its products on the picture.

As the blogger is a professional photographer it was assumed that the photo would fit the characteristics of a creative work, which you cannot use without the author’s consent.

Under Polish law, the mere publication of a photograph on the Internet, for example, on social media, is not the equivalent to giving such consent. However, a contract of assignment or a license agreement may authorize you to do so. Alternatively, you can also use the photo under the right of quotation. And this is where the matter becomes a little complicated. If we read Instagram’s rules carefully, it turns out that sharing, publishing or sending content using their service means granting Instagram a license to the content as well as a transferable license. This means that the service provider (in this case Instagram) can grant further licenses to other entities. So it could have been the case that Zara Home actually obtained a license from Instagram. However, even if this was the case, the copyright would have been infringed anyway.

By using the photo of Kasia Tusk, Zara Home violated more than just property rights.

So far, it is not known whether Zara Home used Kasia Tusk’s photos under a license. However, it does not change the fact that the violation actually took place. Even if not in connection with the infringement of the author’s economic rights, there is still the question of personal rights. Among them is the right to the integrity of the work.

Since the integrity of the content and the form of a work is a personal right and not a property right, it remains inextricably linked to the author. To put it simply, even if Kasia Tusk transferred the author’s economic rights in the photograph to Zara or Instagram granted the store a license, it would still have to obtain the author’s consent to make any changes to the work. However, there is no doubt that replacing elements of the photo with pillows from the store’s collection was a violation of the work’s integrity.

  1. Jurisprudence (ECHR & CJEU) vs Law (Directives)

I risk stating the obvious, when I say that since the beginning of the Internet era, there have been ongoing discussions regarding the state of regulation concerning the scope of liability for ISPs to overcome legal security issues in terms of IP protection.

On one hand, there has been a legal concept proposed which aimed at imposing maximum responsibility for the publication of materials on the Internet on the ISPs as they have the necessary tools to remove any unlawful materials and can easily identify the perpetrators.

On the other hand, many academics and lawyers have argued that such a concept is not in keeping with the concept of a fair trial and does not ensure a fair balance between the rights of a potential claimant and other protected rights such as privacy,  freedom of speech and the freedom to conduct a business.

The two directions have also been reflected in the CJEU’s Jurisprudence and other European courts. Some of them showing a liberal approach, others a very strict one in terms of the ISP liability

The most significant CJEU rulings in this context include the following cases:

– C-484/14 Tobias McFadden vs. Sony Music Entertainment (Secondary Liability for Open Wireless Networks in Germany)

In this case, the CJEU concluded that how the ISP’s liability is framed in the  Electronic Commerce Directive gives theservice provider a right to supply access to a communication network as their business and that the public or society has the right to freedom of information.

– C-70/10 Scarlet Extended SA vs  Société belge des auteurs, compositeurs et éditeurs SCRL (SABAM),

The main issue for the CJEU was whether under several EU Directives

[on Electronic Commerce (2000/31), the Information Society Directive (2001/29), the Enforcement Directive (2004/48), the Data Protection Directive (95/46), and the Privacy and Electronic Communications Directive (2002/58) ]

and in light of applicable human rights it is correct to issue an injunction against an ISP to force them to introduce a system of filtering all electronic communications for an unlimited period, at its expense to block unlawful use or transfer of copyrighted works.

The  Court concluded that Scarlet’s obligation to install a filtering system would in effect make the company carry out a costly general monitoring function for an unspecified period, contrary to the Electronic Commerce Directive.

Furthermore, the Court noted that the fundamental right to property, which includes IP rights “must be balanced against the protection of other fundamental rights.”

In – C-314/12 UPC Telekabel Wien GmbH vs. Constantin Film Verleih GmbH and Wega Filmproduktionsgesellschaft mbH,

An ISP in this case acted as an intermediary by allowing users to access copyrighted material on their website which meant that under Article 8(3) of the Information Society Directive (2001/29/EC) the copyright holder could apply for an injunction.

The court held that a national court may issue an injunction against an ISP in such a situation, but it must be balanced against the public interest in accessing the information.

– C-324/09 L’Oréal SA and others vs  eBay International AG and others

L’Oréal, the French cosmetics company, is the proprietor of several national trademarks in the UK, as well as community trademarks within the EU. The company brought infringement actions against eBay, its European subsidiaries, and individual defendants who had sold several counterfeit items resembling brand names associated with L’Oréal.

Among other claims, L’Oréal argued that eBay was liable for the use of its trademarks by displaying them on the website and the advertising-sponsored links provided by Internet search engines, such as Google. In 2009, the UK High Court stayed proceedings pending a preliminary ruling by the CJEU in light of the applicable EU directives.

The Court held that a trademark proprietor is entitled under the Trade Marks Directive (89/104) and the Community Trade Mark Regulation (40/94) to prevent the operator of an online marketplace from advertising its goods without consent which were targeted at consumers in the EU. The Court also ruled that eBay may not be exempt from liability provided under Article 14(1) of the Electronic Commerce Directive 2000/31 when it plays an active role in the sale of goods by optimizing the presentation of offers or promoting them.

Concerning eCommerce platform content filtering systems, the CJEU held that eBay is an intermediary within the meaning of the third sentence of Article 11 of the Enforcement Directive (2004/48) and the injunctions against such intermediary may be issued, however the injunctions must be effective, proportionate and deterrent, without creating restrictions on legitimate trade.


The cases and decisions I have highlighted seem to confirm that there is no uniform position for the CJEU when it comes to the IP infringement on the internet. Therefore, we might conclude that EU law, including the jurisprudence, is in a constant state of development concerning the issues discussed because of the evolution of New Technologies.

The regulators at both EU and national level have found it necessary to amend the existing provisions regarding the internet sphere and upgrade the security rules for digital platforms, services and products.

To this end the Digital  Service Package will soon enter into force to complete the EU Digital Single Market.

At this point, I would like to mention that the Polish government has recently also introduced a new bill referred to as the “Freedom Act” which governs the issue of freedom of speech on the Internet.

The aim of the bill, as our Minister of Justice expressed, is to prevent ISPs from blocking content posted by internet users provided it does not violate Polish law. Under the bill the person whose posts or comments have been blocked will be able to appeal to the Council for Freedom of Speech and it will be for the Council to decide whether the measure applied by the online service provider was justified or not.

Many lawyers  have taken the position that the bill contradicts the DSA project (on which the European Union, including Poland, is currently working intensively) to a certain extent by, for example, granting protection only to Polish Internet users or not defining “unlawful” content. The EU regulation on digital services, as a supranational law will supersede the Freedom Act, which may be a major complication for Polish Internet entrepreneurs who are at risk’ from having to adapt to the requirements of both acts.

Concluding the question of whether the legitimate interests of all internet users and ISPs may be fairly protected and secured under new EU legislation and Member State national laws remains still open for further discussion.

AEA-EAL is committed to handling your Personal data in ccompalince with applicable data protection laws, including the General Data Protection Regulation ("GDPR"). If you have any questions, please contact us at privacy@aea-eal.eu. Our privacy policy and cookies policy are available here.
AEA-EAL aisbl - siege social/headquartes: Avenue Louise 235 - 1050 Bruxelles/Brussels - Belgique/Belgium KBO/BCE 0465.302.664
phone: +32 (0)2 467 34 24 e-mail: aea-eal@aea-eal.eu

Copyright 2023 AEA-EAL