cearta.ie

In the early days of this blog, I wrote three posts on whether there is a criminal or civil legal liability for using other people’s wifi without permission.

I was reminded of these posts yesterday, when Edmund Heaphy (a student in Trinity, and a journalist at Quartz) contacted me about the following story:

The unique legal concept that led to Germany’s weird wifi laws

Germany is about to get a lot more free wifi. One of the country’s highest courts has upheld a 2017 law designed to put an end to the effect of a peculiar legal concept known as Störerhaftung as it applies to public wifi networks. …

Whilst the decision of the Bundesgerichtshof (Federal Court of Justice) is very welcome, German lawyers have told the World Intellectual Property Review that more clarity is needed. As Mateusz Rachubka points out o the 1709 Blog, the 2017 legislation is a result of the decision of the CJEU in Case C-484/14 Tobias McFadden v Sony Music Entertainment Germany GmbH, which held that the eCommerce Directive (Directive 2000/31/EC; OJ 2000 L 178, p. 1) precluded a rights-owner seeking damages from an access provider whose open network was used by a third party to upload or download material that infringed copyright, but did not preclude the rights-owner seeking an injunction requiring the access provider to terminate or prevent a copyright infringement.

In today’s Irish Times, Mark Paul reports that “three global music labels are limbering up to seek a High Court order against Sky Ireland to force it to implement a ‘three strikes and you’re out’ policy against its broadband customers who download music from pirate sites”. In Sony Music Entertainment Ireland Ltd v UPC Communications Ireland Ltd [2016] IECA 231 (28 July 2016) [hereafter: Sony v UPC] the Court of Appeal held that the courts could indeed make just such an order, and that the costs of implementing it were to be borne 80% by the internet service provider, and 20% by the copyright rights-owner (subject to a cap). No doubt, the three labels involved in the action reported in the Irish Times – Sony Music Entertainment, Warner Music and Universal Music – will rely on this case in their action. However, since it was decided, the UK Supreme Court has handed down its decision in Cartier International AG v British Telecommunications plc [2018] 1 WLR 3259, [2018] UKSC 28 (13 June 2018) [hereafter: Cartier v BT], and it stands in stark contrast with Sony v UPC. The structure of both cases is exactly the same: a holder of intellectual property rights seeks an injunction against an online intermediary to prevent infringement of the rights-holder’s rights on the intermediary’s platform, and the intermediary seeks an order that the rights-holder should bear (some at least of the) costs of implementing the injunction. However, the resolution of the issues in both cases differs quite substantially: the UK Supreme Court in Cartier v BT granted the injunction on a basis rejected by the Irish courts, and it imposed the costs of its implementation entirely on the rights-holder seeking it. The application reported today provides an appropriate context in which to consider these issues. The basis of the injunctions in Sony v UPC and Cartier v BT will be discussed in this post, and the differing costs orders will be discussed in a subsequent one.

In Sony v UPC, the Court of Appeal upheld an order made by Cregan J in the High Court [Sony v UPC (No 1) [2015] IEHC 317 (27 March 2015)] requiring an internet service provider to implement a graduated response system against customers who infringe copyright. The system is graduated, because the responses range from initial warning letters to applications for to court for disconnection of the infringing customers. And the order was made on foot of section 40(5A) of the Copyright and Related Rights Act 2000 (also here) [hereafter: CRRA]. The case is the most recent reported stage of litigation between copyright rights-owners (such as music and movie companies) and internet service providers that has been ongoing since 2005. (more…)

The record man said
‘Don’t let it go to your head, I’m gonna make you a star’
… So mama please don’t worry about me, I’m nearly famous now.

1. Introduction
The words above are in the first verse of “I’m Nearly Famous”, the title track of an album released in 1976 by Sir Cliff Richard [Sir Cliff], pictured left rocking Greenwich, UK, in 2017. Six weeks earlier, the South Yorkshire Police [SYP] had admitted that their tip off to the BBC that he was being investigated in respect of allegations of historic sex abuse infringed his privacy (see, eg, Richard v BBC [2017] EWHC 1648 (Ch) (26 May 2017)). On foot of that tip off, the British Broadcasting Corporation [the BBC] gave those allegations and the search of Sir Cliff’s property in Sunningdale, Berkshire prominent and extensive television coverage. Last week, in Richard v BBC [2018] EWHC 1837 (Ch) (18 July 2018) Mann J held that that the BBC’s broadcasts also infringed Sir Cliff’s privacy, and awarded him £210,000 damages. In a previous post, I have considered Mann J’s analysis that Sir Cliff had a reasonable expectation of privacy under Article 8 of the European Convention on Human Rights [the ECHR] in respect of the police investigation. In this post, I will consider whether the BBC nevertheless were entitled under Article 10 ECHR to broadcast the allegations and the search. In a future post, I will consider the quantum of damages awarded.

2. Article 10 ECHR and the BBC’s Freedom of Expression
The concept of media freedom is at the heart of modern democracy (see, eg, András Koltay “The concept of media freedom today: new media, new editors and the traditional approach of the law” (2015) 7(1) Journal of Media Law 36). It is a significant point of difference between Sir Cliff’s case against the SYP and his case against the BBC. Although Mann J held that Sir Cliff’s prima facie reasonable expectation of privacy arose against both the SYP and the BBC, the difference between them arose at the subsequent stage of balancing Sir Cliff’s reasonable expectation of privacy under Article 8 ECHR with the BBC’s freedom of expression under Article 10 ECHR. Mann J undertook that balance pursuant to the speech of Lord Steyn in In re S (A Child) [2005] 1 AC 593, [2004] UKHL 47 (28 October 2004) [17], which he interpreted ([2018] EWHC 1837 (Ch) [276]) in the light of the judgment of the Grand Chamber of the European Court of Human Rights in Axel Springer AG v Germany 39954/08, (2012) 55 EHRR 6, [2012] ECHR 227 (7 February 2012) [89] (see, generally, Rebecca Moosavian “Deconstructing ‘Public Interest’ in the Article 8 vs Article 10 Balancing Exercise” (2014) 6(2) Journal of Media Law 234) He held that factors to be taken into account in balancing Article 8 and Article 10 include (a) the contribution of the publication to a debate of general interest, (b) how well-known is the person concerned and what is the subject of the report, (c) the prior conduct of the person concerned, (d) the method of obtaining the information and its veracity, (e) the content, form and consequences of the publication, and (f) the severity of any sanction imposed.

Applying each criterion in turn, Mann J held (a) knowing that Sir Cliff was under investigation might have been of interest to the gossip-mongers, but it did not contribute materially to the genuine public interest in the existence of police investigations in this area ([2018] EWHC 1837 (Ch) [282]); (b) “public figures are not fair game for any invasion of privacy” (ibid, [287]); and (c) Sir Cliff’s public position and stated views do not diminish his right to privacy in respect of allegations of the kind which underpin the BBC’s disclosures (ibid, emphasis in original); (d) the information was accurate (ibid, [289]) but the BBC’s methods of obtaining it were questionable, though this weighed only very lightly in Sir Cliff’s favour (ibid, [292], [296]); and (e) the broadcasts were presented with “a significant degree of breathless sensationalism” which “went in for an invasion of Sir Cliff’s privacy rights in a big way” (ibid, [300], [301]). He left the question of the chilling of effect of any sanction to the discussion of quantum, which I will address in a future post. He also had regard to the BBC’s editorial guidelines (as a “relevant privacy code” within the meaning of section 12(4)(b) of the Human Rights Act 1988).

Taking all these factors into account, Mann J came “to the clear conclusion that Sir Cliff’s privacy rights were not outweighed by the BBC’s rights to freedom of expression” (ibid, [315]). (more…)

I just got to tell someone about the way I feel,
Shout it from the rooftop to the street,
And if I spread the word please tell me who’s it gonna hurt …

1. Introduction
The words above are the opening lines of “Can’t Keep this Feeling In“, released in 1998 by Sir Cliff Richard [Sir Cliff], pictured left in a mellow pose at a concert in Sydney, Australia in February 2013. In August of the following year, arising out of an ongoing investigation into allegations of historic sex abuse, the South Yorkshire Police [the SYP] searched a property belonging to him in Sunningdale, Berkshire; and – on foot of a tip off from the SYP the previous month – the British Broadcasting Corporation [the BBC] gave the allegations and the search prominent and extensive television coverage. Sir Cliff was never arrested or charged; and, in June 2016, the Crown Prosecution Service [the CPS] decided that Sir Cliff would not face any charges. This decision was re-affirmed by the CPS the following September, following a full review of the evidence.

Meanwhile, in July 2016, Sir Cliff commenced legal proceedings against the SYP and the BBC, arguing that SYP’s leak to the BBC in July 2014, and the BBC’s coverage of the raid in August 2014, invaded his privacy and breached his data protection rights. Before the trial, SYP admitted liability and agreed to pay Sir Cliff £400,000 damages, plus costs (see Richard v BBC [2017] EWHC 1648 (Ch) (26 May 2017)). Earlier this week, in Richard v BBC [2018] EWHC 1837 (Ch) (18 July 2018) Mann J held that that Sir Cliff succeeded in his privacy claim against the BBC and awarded him £210,000 in general damages (£190,000 in compensatory damages, and £20,000 in aggravated damages), with some items of special damages to be decided at a future date. Because of the success of the privacy claim, Mann J held that he did not need to consider the data protection point.

There are three areas of interest in Mann J’s judgment: first, whether Sir Cliff had a reasonable expectation of privacy, having regard to Article 8 of the European Convention on Human Rights [the ECHR]; second, whether the BBC nevertheless were entitled to broadcast, having regard to Article 10 ECHR; and third, the quantum of damages awarded. I will deal with the question of Sir Cliff’s reasonable expectation of privacy in this post; and I will deal with the other two issues in subsequent posts [update: the post on the BBC’s Article 10 rights is here].

2. Article 8 ECHR and Sir Cliff’s Reasonable Expectation of Privacy
In the earlier Irish case of Hanahoe v Hussey [1998] 3 IR 69, [1997] IEHC 173 (14 November 1997) Kinlen J awarded Ir£100,000 damages (worth approximately €185,000 or St£165,000 today) against the Commissioner of An Garda Síochána (Ireland’s National Police and Security Service) for a similarly unjustified leak of a similarly high-profile search. Kinlen J held that the leak was an “outrageous interference” with the defendants’ privacy rights ([1997] IEHC 173 [69]) but awarded damages for misfeasance in public office as a species of negligence ([1997] IEHC 173 [67], [73]). The SYP’s settlement, and this week’s judgment by Mann J, show that the direct protection of privacy interests has evolved sufficiently that their indirect protection via other torts is no longer necessary.

As with the phone hacking cases (see Mann J at first instance; see also the Court of Appeal), Sir Cliff’s case was commenced in the Chancery Division of the High Court, presumably reflecting the fact that the modern English protection of privacy interests began, under the impetus of Article 8 of the European Convention on Human Rights, by pressing the equitable claim for breach of confidence into service. The process continued by shearing that claim of limitations that affected its ability to protect privacy interests, before transmuting it into a claim for misuse of private information separate from breach of confidence. This claim is now characterised as a tort. So, in the present case ([2018] EWHC 1837 (Ch) [264]), Mann J referred to “the English tort which essentially gives effect” to Article 8 ECHR. This tort turns on on whether the claimant has a reasonable expectation of privacy that has been infringed by the defendant (more…)

The Summer 2018 volume of the Northern Ireland Legal Quarterly has been published this morning. Just in time for tomorrow’s seminar, and building on my earlier paper in the QUT Law Review, it contains the following piece by me:

“A Little Parthenon No Longer: The Proportionality of Tobacco Packaging Restrictions on Autonomous Communication, Political Expression and Commercial Speech” (2018) 69(2) Northern Ireland Legal Quarterly 175-211

Abstract
This paper evaluates the constitutionality of statutory restrictions upon tobacco packing in Ireland. It concludes that public health and the protection of children constitute pressing and substantial reasons sufficient to justify the Public Health (Standardised Packaging of Tobacco) Act 2015 and Part 5 of the Health (Miscellaneous Provisions) Act 2017 as proportionate restrictions upon tobacco companies’ freedom of political expression protected by Article 40.6.1 of the Constitution and freedom of autonomous communication protected by Article 40.3.1.

In many respects, Ireland has been a world leader in tobacco control, from banning smoking in the workplace or in cars with children, to requiring standardised packaging. Part 1 introduces this article; it sets out the background to the 2015 and 2017 packaging legislation. Part 2 of this article, on restrictions, describes the restrictions in the packaging legislation. Part 3 of this article, on rights, provides a conspectus of the Irish constitutional speech rights engaged or burdened by these restrictions. This Part presents these rights as comprising a freedom of political expression in Article 40.6.1 of the Constitution and a freedom of autonomous communication in Article 40.3.1. Moreover, these two rights carry concomitant rights to keep silent and to be informed. Part 4 of this article, on reasons, considers the pressing and substantial reasons which the State may proffer to seek to justify the restrictions in the packaging legislation upon constitutional speech rights. Part 5 of this article, on standards of review, considers the extent to which the restrictions in the packaging legislation, motivated by concerns relating to public health and the protection of children, satisfy the current Irish version of the principle of proportionality. It also considers the extent to which the restrictions might satisfy other standards of review or scrutiny. Part 6 concludes this article, bringing together all of the strands of analysis in the previous Parts. And it concludes that, if the restrictions on constitutional speech rights in the Public Health (Standardised Packaging of Tobacco) Act 2015 and in Part 5 of the Health (Miscellaneous Provisions) Act 2017 are challenged by the tobacco companies, the courts will find that those Acts are constitutionally valid.

Attractive packaging is an important element of a product’s effective marketing. Indeed, so central has packaging been to the allure of smoking that Leonard Cohen could extol “the little Parthenon / of an opened pack of cigarettes”. Ireland has been in the vanguard of tobacco control worldwide. With the 2015 and 2017 packaging legislation, it continues to set a very important example. The constitutional validity of these packaging restrictions would underpin a crucial element of the Department of Health’s moves towards tobacco-free Ireland by 2025. And the pack of cigarettes, with large warning photos dominating standardized packaging, would be Cohen’s little Parthenon no longer.

An earlier version of the paper, under the title “Is Standardised Tobacco Packing a Proportionate Restriction on Constitutional Speech Rights”, was delivered at the ICON-S British and Irish Chapter Inaugural Conference, Trinity College Dublin, Ireland, on 5 September 2017.

In today’s Irish Times, this week’s instalment (audio here) in the ongoing mis-adventures of Ross O’Carroll Kelly intersected with this blog. Ross is a hapless dad and clueless (if ruthless) estate-agent, who has been described as “Ireland’s most eligible married man” and “the greatest Irish [rugby] player never to actually make it in the game”, and the scene opens with our hero being summoned by the boss:

It’s, like, just before midday when Lauren tells me she wants to talk to me in her office. … She goes, “What do you know about GDPR, Ross?”

I’m like, “Quite a lot, actually.”

Oh, that shocks her – such is my reputation for being as stupid as a goose.

She’s like, “Okay, tell me what you know about GDPR.”

“First,” I go, “you make sure the patient is comfortable by putting some kind of cushion under their head and loosening any tight clothing. Then, you place the heel of your hand on the patient’s breastbone, with your other hand on top of it, interlocking your fingers …”

“That’s CPR, Ross.”

And so it goes on for a while, until Dave – “from Human Resources (formerly Payroll)” – arrives, and asks Ross where his laptop is. Poor Ross. We know from last week’s column (audio here) that he had left his car unlocked at a filling station, from which someone stole his “laptop bag, a briefcase and three Donnybrook Fair shopping bags out of the boot”. So, Ross eventually comes clean to Lauren:

I’m there, “Okay, I’m going to be finally honest with you. They were stolen from the boot of my cor when I pulled in to get petrol. Was there any sign of the three shopping bags from Donnybrook Fair that were also taken? There was six tins of individually, line-caught, white tuna fillets in there that cost 11 yoyos per pop.”

“Why didn’t you tell me about this?”

“Er, why would I tell you about it? It was my laptop. They were my client files.”

“I’m the Managing Director of this estate agency, Ross. It’s my responsibility to report breaches to the Data Protection Commissioner as soon as they’re discovered. Do you know what the penalties for this could be?”

“Chill out, Lauren. There’s no real damage done.”

And that’s when she says it. She fixes me with a look and goes, “You’re fired, Ross.”

As he will no doubt quickly learn, GDPR stands for the EU’s General Data Protection Regulation. It, and its incorporating Irish legislation, came into effect on Friday 25 May 2018. And the theft of the laptop and files (and, let’s not forget, tuna fillets and other overpriced groceries) came to light in the column published on Saturday 26 May. If the Saturday column is real-time reportage, or if it is reporting something that happened on Friday, then the data breach happened after the GDPR and Irish legislation came into force, and Lauren does indeed have to report it to the Data Protection Commission. However, if the column is reporting something that happened earlier in the week, then the GDPR was not in force, and the Rossmeister might just get away with it – again.

Australia and Ireland were the first two countries in the world to introduce legislation to require standardized packing of tobacco products. As Olivia Kelly reports in the Irish Times that the Minister of State for Health Promotion, Catherine Byrne TD launched a landmark Report on the State of Tobacco Control in Ireland to mark World No Tobacco Day yesterday, I’m delighted to announce that a seminar on this topic will be held from 2:00pm to 4:00pm on Tuesday 12 June 2018 in the Neill Lecture Theatre in the Trinity Long Room Hub Arts & Humanities Research Institute, Trinity College Dublin.

The main speaker will be Prof Matthew Rimmer (QUT); I will respond to his presentation; the seminar will be chaired by Prof Shane Allwright (TCD); and there will be plenty of time for questions and answers.

Matthew Rimmer (pictured right) is Professor of Intellectual Property and Innovation in the Faculty of Law, Queensland University of Technology, Brisbane, Australia. He has recently edited a special issue of the QUT Law Review on the plain packaging of tobacco products worldwide. At the seminar, he will talk about the Australian plain packaging legislation, and the failed challenges to it in the Australian courts, on foot of an investment treaty between Australia and Hong Kong, and before the World Trade Organisation.

In response, I will talk about the Irish plain packaging legislation, the failed challenge to it in the Irish courts, the failed challenge to similar UK legislation in the UK courts and before the Court of Justice of the European Union, and the slim prospects for success of future possible challenges.

Shane Allwright will chair the seminar. She is Emeritus Fellow, retired Associate Professor of Epidemiology, and former Registrar, Trinity College Dublin. She chaired the Working Group on the Health Effects of Environmental Tobacco Smoke (ETS) in the Workplace, whose 2002 Report (pdf) led to the introduction in Ireland of the world’s first outright ban on smoking in the workplace in 2003.

The seminar is open to the public, and all are welcome to attend, but booking is essential.

New politics certainly make for interesting times. Minority governments are no strangers to defeats, even to two defeats in one day, but yesterday marked another milestone, when the government lost not merely two votes, but votes on two successive legislative amendments. They both related to the protection of children in the Data Protection Bill, 2018. The first will make it an offence to process the personal data of a child for the purposes of direct marketing, profiling or micro-targeting; the second will set the digital age of consent at 16. In fact, seeing the writing on the wall, rather than suffer the indignity – surely unique, even in this era of new politics – of four defeats in one evening, the Minister accepted a third amendment and declined to press a fourth of his own. The third amendment that he accepted will permit not-for-profit bodies to seek damages on behalf of data subjects; and the amendment that he withdrew would have undercut the effect of the third successful amendment. (The three successful amendments are amendments 14, 15 and 115 here (pdf), amending this version (pdf) of the Bill, and debated here). Earlier versions of all three successful amendments had been defeated by the government at every previous stage of the Bill. Time will tell if any of them proves significant, but the one that has generated the most coverage so far is the amendment to the digital age of consent.

The aim of the Bill is to incorporate the General Data Protection Regulation (Regulation (EU) 2016/679) into Irish law. Article 6(1) GDPR sets out six bases for lawful processing of personal data, the first of which, specified in Article 6(1)(a), is that “the data subject has given consent to the processing of his or her personal data for one or more specific purposes” [on consent, see ICO | WP29]. A child can, in principle, provide such consent; but a minimum age at which children as data subjects can consent to having their personal data processed is not specified in the GDPR. Article 7 GDPR provides that the controller must be able to demonstrate this consent, and the younger the child is, the more difficult it will be for the controller to do so. To these flexible general rules relating to the consent of children, Article 8 GDPR provides a bright-line exception, which has become known as the digital age of consent. (more…)