WILMap: Ireland


[These Regulations amend sections 40 and 205 of the Copyright and Related Rights Act 2000 to allow an application for an injunction against an intermediary regarding copyright infringement.  They were enacted as a result of the Information Society Directive (Directive 2001/29/EC) and EMI v UPC (2010) (see below).] 
[The legislation governing defamation in Ireland. Includes a defence of innocent publication in s.27. A court may make an order prohibiting publication of a defamatory statement under s.33.  The Act also contains an offence of blasphemy in s.36.]
[This Statutory Instrument implements the E-Commerce Directive (Directive 2000/31/EC) into Irish law.  The Regulations include restrictions on liability, subject to certain conditions, regarding mere conduits, caching and hosting (Regs. 15-18).  Non-liability is defined to include civil or criminal liability (Reg. 15(b)). The Regulations do not apply to gambling activities (Reg.2).]
[The main Act dealing with Copyright in Ireland.  The Act has been amended a number of times and most of the amendments are available here. Of particular relevance to intermediaries, section 40(3) of the Act states that  the provision of facilities for enabling the making available to the public of copies of a work shall not of itself constitute an act of making available to the public of copies of the work.  S.40(4) states that where a person who provides facilities referred to in s.40(3) is notified by the owner of the copyright that those facilities are being used to infringe the copyright and the person fails to remove the infringing material as soon as practicable thereafter that person shall also be liable for the infringement. An additional subsection was added to s. 40 in 2012 – see European Union (Copyright and Related Rights) Regulations 2012 above.] 
Other legislation relevant to intermediaries includes:


[The Code governs the conduct of ISPAI's Members and may be amended from time to time by 75% majority vote of members of ISPAI. The Code mandates the development of acceptable use policies for participating ISPs which clearly set out guidelines for customers/users, including prohibitions on customers using ISP service to create, host, transmit material which is unlawful / libellous / abusive / offensive / vulgar / obscene / calculated to cause unreasonable offence. The Code also sets out procedures for dealing with complaints regarding third party content, illegal material and harmful material.]


[A report by an expert committee on reform of copyright law, including a draft Bill. Includes proposals concerning intermediaries, e.g.  (1) that a “marshalling” exception be introduced for sites which index, syndicate, aggregate or curate online content and (2) that certain sections of the Copyright and Related Rights Act 2000 concerning transient and incidental copies be amended to come more closely into line with the CJEU’s approach to interpretation of the Information Society Directive.] 
[The Privacy Bill was published by the previous Government in 2006 but has not been enacted.  In 2012, the Minister for Justice stated that he was considering re-introducing a version of this Bill.]  


Superior Courts

Supreme Court, EMI v Data Protection Commissioner [2013] IESC 34 
[copyright, privacy, data protection, graduated response]
[A settlement had been reached between record companies and a large ISP, Eircom, instituting a Graduated Response Protocol under which Eircom would issue copyright infringement notices to customers.  The Data Protection Commissioner believed that this Protocol breached EU and Irish data protection law and issued an enforcement notice requiring Eircom to cease its operation of the Protocol. The Supreme Court found that the enforcement notice was invalid because of the absence of reasons.]

Lower Courts

High Court, Sony Music & Ors v UPC Communications [2015] IECH 317
[copyright, privacy, access provider, piracy, peer2peer, graduated response, identity disclousure]
[(1) The plaintiffs, Sony, Universal and Warner Music, sought an injunction to impose upon UPC Communications, the second largest Irish Internet access provider, an obligation to implement a "Graduated Response Strategy" (GRS) against UPC's subscribers allegedly infringing plaintiffs' copyrights online. The injunction sought was pursuant to s.40 (5A) of the Copyright and Related Rights Act, 2000 (as amended) (see above) requiring that the defendant take reasonable steps to prevent its subscribers from using the defendant’s internet service for the purpose of breaching the plaintiffs’ copyright in the plaintiffs’ sound recordings
(2) According to the court, the essential elements of a GRS are that "(i) the owners of the copyright send to the ISP a list of infringements with reference to specific internet protocol addresses; (The copyright owners can only identify the specific IP address. They cannot identify the name and address of the subscriber). However when this information is sent to the defendant, the defendant as the ISP can, using the IP addresses, identify the name and address of its subscribers. (ii) It then writes to its subscribers informing them that these matters have come to its attention. (iii) The second letter is a second reminder or threat of further action. (iv) The third step would be the suspension of the account for a week. (v) The fourth step would be the termination of the account."
(3) The Court granted an injunction as sought by the plaintiff imposing upon UPC an obligation to implement a GRS as the European "directives permit the courts of Member States to impose injunctions on internet service providers [, . . . ] even though ISPs are not regarded as liable in law for the actions of their subscribers," due the availability of a "mere conduit" defense. According to the injuction, the GRS cannot encompass any suspension or termination of users' accounts but only the disclosure of information to make a Norwich Pharmacal order to finally seek an accounts' suspension or termination. The GRS should encompass the following steps:
  1. Step 1 - That the plaintiffs would furnish all relevant infringement information to the defendant and that the plaintiffs would bear the cost of this process.
  2. Step 2 - That the defendant, when it receives a first copyright infringement notification from the plaintiffs, would send its subscribers a letter setting out the infringement and requesting him/her to cease and desist.
  3. Step 3 - That the defendant where it receives a second copyright infringement notification would send a second letter to its subscriber requesting him/her to cease and desist.
  4. Step 4 - That the defendant, where it receives a third copyright infringement in respect of a subscriber from the plaintiffs, would send to the plaintiffs a notification that a subscriber account has been the subject matter of three such notifications.
  5. Step 5 - The plaintiffs, having been informed of a third copyright infringement notification and having been informed of the relevant IP addresses etc, could make a Norwich Pharmacal type application to ascertain the subscriber’s identity and address and the plaintiffs could then seek an order under s.40 (5A) for the suspension and/or termination of the subscriber’s service. Such applications would not be opposed or consented to by the defendant and the defendant would not seek its costs.
(4) Finally, the Court noted, on the issue of allocation of costs, that "because the defendant is the company which profits - albeit indirectly - because it derives revenue from its subscribers who are engaged in this practice, it is the defendant who should, in my view, be primarily liable for the costs." Therefore, according to the Court, UPC will be required to bear 80% of the costs estimated between €800,000 and €940,000. However, the plaintiffs may only send to UPC up to 2,500 infringment notifications per month.]
High Court, Walsh v Twitter, October 2, 2015
[privacy, data protection, defamation, hosting provider, Facebook, user information, disclosure]
[(1) Twitter International Company was ordered to disclose data about the source of tweets about a whistleblower. The tweets, which included allegations of insurance fraud, are alleged to be defamatory. The whistleblower has brought a defamation action against the poster of the tweets, and asked the court to require Twitter to turn over information that would allow the whistleblower to identify the poster.
(2) The Court order Twitter to turn over the poster’s name. The Court also issued an injunction to prohibit the destruction of any evidence or records related to the tweets.]
High Court, Schrems v Data Protection Commissioner [2014] IEHC 310 
[privacy, data protection, Facebook, transfers of personal data to USA]
[(1) The Data Protection Act 1988 as amended prohibits transfers of personal data outside the state unless adequate privacy protections are in place.  In 2000, the European Commission had decided that the USA ensured an adequate level of privacy protection for data.  A Safe Harbour framework had been put in place between Europe and the USA regarding transfers of personal data.
(2) In light of the Snowden revelations, Mr Schrems, an Austrian lawyer who runs the “Europe v Facebook” group, made a complaint to the Data Protection Commissioner arguing that the Commissioner should direct that transfers of personal data from Facebook Ireland to Facebook in the USA should cease.  Facebook Ireland is responsible for millions of Facebook users outside the USA and Canada.
(3) The Commissioner decided that the request was unsustainable in law.  Mr Schrems sought Judicial Review of the Commissioner’s decision.  
(4) In the High Court, Hogan J. said that much had changed since 2000, including for example the entry into force of the EU Charter of Fundamental Rights.  As a result, he referred questions of EU law to the Court of Justice of the EU (CJEU).  He also noted that mass and indiscriminate surveillance of communications as shown by the Snowden revelations would, as a matter of Irish law, be unconstitutional, but that Irish law on this matter had effectively been pre-empted by EU law.]  
[privacy, data protection, Facebook, transfers of personal data to USA, amicus curiae]
[The High Court ordered that Digital Rights Ireland (DRI) be added as amicus curiae in the proceedings, which will now proceed to the CJEU.  DRI had stated that it would not adopt a position of partisanship. Hogan J. distinguished this case from the case of EMI v UPC [2013] IEHC 204, where DRI was not added as amicus curiae. The court also noted DRI’s successful case before the CJEU – Case 293-12, Digital Rights Ireland v Minister for Communications ECLI:EU:C:2014:238. The court did not permit DRI as amicus to alter the nature of the questions which it had already proposed should be transmitted to the CJEU.] 
High Court, Cummins v Twitter, February 2014 
[defamation, libel, hosting provider, Twitter]
[The High Court ordered that Twitter remove defamatory posts concerning the mayor of Waterford.  The order was made under s.33 of the Defamation Act 2009.]  
High Court, EMI v UPC [2013] IEHC 274
[copyright, access provider, ISP, torrent, ThePirateBay, blocking order]
[Record companies successfully applied for an order against various ISPs blocking access to the Pirate Bay website, based on the amended s.40 of the Copyright and Related Rights Act 2000. Later in 2013, the record companies successfully applied to the High Court for Kickass Torrents to be blocked.]
High Court, EMI v UPC [2013] IEHC 204
[copyright, access provider, ISP, torrent, ThePirateBay, blocking order, amicus curiae]
[Record companies had instituted proceedings seeking an order against various ISPs blocking access to the Pirate Bay website.  Digital Rights Ireland (DRI) applied to be added as an amicus curiae.  The Court refused to add DRI to the case.  Considering Irish cases on criteria for joining an amicus curiae, the court found that this case did not involve novel principles and DRI was not a neutral party.]  
High Court, Tansey v Gill [2012] IEHC 42
[defamation, hosting provider, preliminary injunction, interlocutory order]
[The plaintiff claimed he had been defamed on the website www.rate-your-solicitor.com.  He successfully sought interlocutory orders under s.33 of the Defamation Act 2009 against certain defendants prohibiting publication of the defamatory statements.  The court noted that, since the arrival of the internet, judicial hesitation in granting interlocutory orders of this type should be eased. One of the defendants was the host of the website, Dotster, located in the USA.  Dotster had not made an appearance in the case and the court made a final order in default of appearance.]   
High Court, McKeogh v Doe [2012] IEHC 95 
[defamation, privacy, right to good name, video removal, Norwich Pharmacal orders.]
[The plaintiff had wrongly been identified as the taxi fare evader shown in a video posted on various websites.  The judgment primarily concerns the issue of whether the plaintiff could be named on newspaper websites reporting the court case and the court ordered that he could be named.  The court noted that it had earlier granted interim orders that social media sites such as YouTube and Google should remove the video and provide the identities of web users who had defamed the plaintiff.  The orders regarding identities of web users were granted applying the UK tort case of Norwich Pharmacal v Customs & Excise [1973] UKHL 6. According to media reports, there have been further developments in this case in 2013 and 2014.] 
High Court, EMI v UPC [2010] IEHC 377 
[copyright, access provider, mere conduit, ThePirateBay, E-Commerce Directive]
[Record companies sought orders (1) restraining UPC, an ISP, from making available to the public copies of sound recordings which breach copyright and (2) requiring UPC to block access to the Pirate Bay site. The court found that s.40(4) of the Copyright and Related Rights Act 2000 only covered “removal” of infringing material and therefore an injunction could not be granted.  Charleton J. also reconsidered his previous decision in EMI v Eircom [2009] IEHC 411 (see below), in which he granted an order requiring an ISP to block access to the Pirate Bay, and stated that his previous decision in that case had been incorrect. Following this case, s.40 of the 2000 Act was amended by Statutory Instrument in 2012 (see above).] 
[privacy, data protection, data retention, access providers, ISP, telephony providers, Directive 2006/24/EC, referral, ECJ, invalidity]
[This litigation concerned the validity of the data retention requirements imposed on ISPs and telephony providers. This case led to a decision by the CJEU (Grand Chamber) that the Data Retention Directive (Directive 2006/24/EC) was invalid, Case 293-12, Digital Rights Ireland v Minister for Communications ECLI:EU:C:2014:238.]
High Court, EMI v Eircom [2010] IEHC 108  
[copyright, data protection, graduated response]
[Record companies had reached a settlement with a large ISP (Eircom) instituting a graduated response system.  Charleton J. held that the settlement did not breach data protection laws as IP addresses in the hands of the record companies which do not identify subscribers are not “personal data”. He said that copyright is flagrantly violated by music theft and the sanction of terminating access is not excessive. Eircom’s terms and conditions stated that copyright must not be infringed and subscribers have agreed to these terms.]
High Court:  Irish Red Cross v UPC and Google (Unreported, 2010) [see news coverage here and here]
[confidentiality, breach, privacy, disclosure, alleged infringer, hosting provider, blog, liability of blog host]
[According to website reports, it appears that the High Court ordered that UPC and Google reveal the name of an anonymous blogger who allegedly breached confidentiality on the Blogger website.  Originally Google Ireland was named as defendant but the court permitted Google Inc to be substituted.] 
High Court, EMI v Eircom [2009] IEHC 411
[copyright, access provider, ISP, torrent, ThePirateBay, website blocking order, graduated response]
[Record companies had reached a settlement with a large ISP (Eircom) instituting a graduated response system. The court ordered, on application by the record companies, that Eircom should block access to the Pirate Bay website. The court based its decision on s.40(4) of the Copyright and Related Rights Act 2000 and the Information Society Directive 2001.]  
[defamation, libel, hosting provider, gambling, chatroom, forum, E-Commerce Directive, hosting defence]
[Betfair was a gambling site which also operated internet forums (chatrooms) where users could discuss sports events and other issues. The plaintiffs alleged defamation by forum users. As a preliminary issue, Betfair successfully relied on the hosting defence in the E-Commerce Directive as implemented by the 2003 Regulations. The court found that the gambling exception to the Directive and Regulations did not apply as the forums were not directly connected to the gambling part of the site.] 
High Court, Ryanair v Johnston, 2005/514P, July 12, 2006 
[bullying, intimidation, privacy, hosting provider, bulletin board, website operator, moderator, members, liability, disclosure, identities, alleged infringers, Norwich Pharmacal order]
[This was an action against the operators and moderator of an internet site and bulletin board set up to facilitate discussions by Ryanair pilots.  Ryanair alleged that bullying and intimidation of pilots was taking place on the site and sought ‘Norwich Pharmacal’ orders to disclose the identities of certain users of the bulletin board. On reviewing the evidence, Smyth J. found that there was no evidence of bullying or intimidation or that Ryanair had suffered loss. He distinguished this case from EMI v Eircom, 2005 (see below) and the English case of Totalise v Motley Fool [2001] EWCA Civ 1897.  He also stated that a balance needed to be struck between justice and privacy.]   
High Court, EMI v Eircom [2005] IEHC 233 
[copyright, privacy, confidentiality, access provider, disclosure, identities, alleged infringers, Norwich Pharmacal order]
[Record companies requested Eircom, a large ISP, to provide identities of 17 customers who were allegedly infringing copyright. The High Court ordered that customers’ identities should be passed to the ISP, based on the UK tort case of Norwich Pharmacal v Customs & Excise [1973] UKHL 6. The court also relied on the Canadian case of BMG Canada v Doe 2004 FC 488.] 


A Guide to the European Communities (Directive 2000/31/EC) Regulations 2003, http://www.djei.ie/publications/trade/2003/ecommercedirectiveguide.doc
Data Protection Commissioner, www.dataprotection.ie
Data Protection Commissioner, Final report of Audit of Facebook Ireland (2011) and Facebook Ireland Audit Review Report (2012), http://dataprotection.ie/docs/Facbook-Audit/1290.htm 
Digital Rights Ireland, http://www.digitalrights.ie
Information Technology Law in Ireland – Denis Kelleher and Karen Murray, http://ictlaw.com
Information Technology Law in Ireland – TJ McIntyre Blog, http://www.tjmcintyre.com
Internet Content Governance Advisiory Group, Report of the Internet Content Governance Advisory Group (2014), http://www.dcenr.gov.ie/NR/rdonlyres/0BCE1511-508E-4E97-B1A9-23A6BE9124A...
Internet Hotline, www.hotline.ie  
Joint Committee on Transport and Communications, Addressing the Growth of Social Media and Tackling Cyberbullying (2013), www.oireachtas.ie/parliament/media/Report-on-Social-Media-July-2013-Webs...
Office for Internet Safety, http://www.internetsafety.ie


Darius Whelan
Lecturer in Law, University College Cork  


Please use this form to provide your feedback or suggest any amendments or updates to this page.