The European Copyright Directive: Potential impacts on free expression and privacy

In 2019, the European Parliament approved the Copyright in the Digital Single Market Directive, giving member states until June 2021 to enact new national laws reflecting its provisions. The Copyright Directive has been highly controversial, largely due to well-founded concerns that it will undermine the free expression of individual internet users, who will risk having content they attempt to post blocked from publication by companies wary of running afoul of new copyright laws.

Adding to the confusion is the fact that an EU directive is not itself law; rather, it is a framework that forms a basis for member states to draft their own laws. While the final form that national-level copyright law in the EU will take under the Copyright Directive is still a work in progress in most member states, the requirements of the Copyright Directive leave little doubt that it will force companies that host user-generated content to take far more aggressive steps than in the past to attempt to identify and filter out copyrighted content. When these companies choose to err—as they inevitably will—on the side of caution, individual internet users will experience greater impediments to posting and accessing online content.

How Will Copyright Law in the EU Change?

In the U.S. and (prior to the Copyright Directive) in the EU, internet services enjoy “safe harbor” protection from liability when their users post infringing content. In the U.S., this protection is provided by the Digital Millennium Copyright Act. In the EU, internet services have long relied on the liability protections provided in accordance with Directive 2000/31. While these frameworks differ in their specifics, they both require internet services to remove copyrighted content once a rightsholder has informed them that it was posted without authorization. Importantly, they both free internet services from the obligation to proactively identify copyright infringements on their own.

In general, these frameworks have worked. So what changed? One factor is that tech companies have fallen from favor, perhaps nowhere more than in the eyes of EU legislators and regulators. The entertainment industry saw growing EU political will to regulate tech companies as an opportunity to push for extensions of copyright law and limits on how copyrighted content is shared online.

In the EU, Article 17 of the Copyright Directive stands to replace the safe harbor with a major overhaul of the liability rules for online platforms. Rather than relying on rightsholders to monitor the internet for infringing content and submit takedown notices, Article 17 saddles internet services (or, more formally, “online content-sharing service providers”) with a much more burdensome set of affirmative obligations regarding copyrighted content. This will force internet services to be far more cautious in the content they allow users to post—risking making the internet less diverse, interesting, equitable, and useful.

What are Internet Services Required to Do?

Article 17 imposes three main obligations on internet services. First, they are required to make “best efforts” to obtain licenses from rightsholders for content appearing on their sites, including when that content is posted by their users. This will raise enormous challenges due to the sheer number of people posting content online. In addition, there are important jurisdictional questions given that a person who uploads content, another person who views that content, and the multiple computers used to store and deliver the content over the internet may each be located within or outside the EU. To which of the many different possible location combinations of the people and computers involved does the requirement apply? Furthermore, the Copyright Directive leaves ambiguity regarding what it means to make “best efforts” to license content.

Second, Article 17 requires all but the newest, smallest internet services to use “best efforts to ensure the unavailability of specific works” identified by rightsholders. For example, under this requirement, a photo licensing agency could provide a social media company with a library of copyrighted photos which the social media company would then be required to block from being posted. One of the many challenges this will pose relates to the interpretation of “specific works.” Does that term apply only to exact digital copies of the copyrighted works in the library? Or to all versions (e.g., a photograph that has been edited) of those works? And given the imperfect nature of automated detection technologies, how are works subject to this requirement supposed to be identified? Another challenge is context: A photographer’s shot including a billboard in the background containing a copyrighted image in the library might wind up deleted by automated software.

The third requirement, which also applies to all but the newest, smallest internet services, requires those services to make “best efforts” to block future uploads of content that has previously been removed pursuant to a takedown notice. This will force internet services to implement filters to check every piece of content uploaded to the site against a database of known copyrighted works. If the upload matches a piece of content in the database, it must be blocked. Again, there is a challenge related to scope: Will edited, altered, or derivative versions of these works also need to be removed? And how will detection technologies draw the line?

An additional major issue is that while the Copyright Directive rightly exempts certain permitted uses of copyrighted content—including parody, criticism, caricature, and quotation — from the above requirements, distinguishing between acceptable and copyright-violating uses is hard enough for humans and near-impossible for even the best automated systems, which lack both a critical eye and a sense of humor. Internet services will have a financial incentive to over-filter, thus blocking from publication on copyright grounds content that in fact would not raise any copyright concerns if published.

The Role of Social Media Companies

These changes will also have the effect of adding another layer of mediation. To comply with the new EU copyright laws, social media companies will need to develop their own policies and algorithms for performing the requisite content filtering, for determining when content falls under an exception such as parody or criticism, and for identifying rightsholders and pursuing licenses for content appearing on their web sites. These policies—which will not necessarily be publicly disclosed—will have an enormous impact on which voices and opinions do and do not get heard online. And, the combination of more stringent takedown requirements and a greater role for tech companies in mediating content will make it more likely that non-infringing content will be removed and that rightsholders will overuse the takedown process.

Protecting Individual Internet Users

Fortunately, there are some steps that can help mitigate, though not completely avoid, some of the negative consequences of the Copyright Directive. As the Electronic Frontier Foundation has highlighted, it will be important to ensure that national-level laws implementing the Copyright Directive are drafted in a manner to preserve user rights including free expression and privacy. It will also be important to ensure that compliance with the Copyright Directive does not lead to violations of the General Data Protection Regulation (GDPR), the EU’s digital privacy framework.

It is also possible that the Copyright Directive itself could change. In an ongoing case in the Court of Justice of the European Union, Poland has asked the court to annul the requirements of Article 17 relating to ensuring the unavailability of specific works and performing content filtering, arguing that they undermine freedom of expression. And even if the Copyright Directive remains unchanged, the June 2021 implementation date may not hold. Martin Schaefer, an attorney and partner of the firm of Boehmert & Boehmert in Berlin who has been advising clients concerning the implementation of the Copyright Directive since it was issued, explains that “it is not uncommon” for highly controversial directives to be implemented late. He also notes that member states sometimes proceed “step by step, implementing the less controversial issues first.”

Finally, as the global impact of GDPR has demonstrated, what happens in European internet law does not necessarily stay in Europe. The implementation of the Copyright Directive in EU member states may lead to pressure on countries outside the EU to make similar changes. It will be important for legislators in the United States and elsewhere to avoid overly aggressive updates to internet copyright law that would have the unintended consequence of undermining user privacy and free expression.