Fighting piracy efficiently

The measures to combat piracy are aimed not only at respecting the rights of creative artists and remunerating them for their work, but also at producers being able to better enforce their rights and thus secure their investments. Apart from this, anti-piracy measures also strengthen the position of intermediaries on the market and foster the creation of diverse legal offers for consumers.


Anti-piracy measures are to be implemented where they are most effective, i.e. with hosting providers who can act quickly and in a targeted manner. They are the ones who can ensure that their servers do not host platforms for piracy and can quickly remove affected content in cases of copyright infringement. The draft act therefore contains a "stay down" obligation. In future, a hosting provider that creates a particular threat for copyright infringement must ensure that copyright-infringing content that has already been removed once remains off their servers.


In addition, the draft act also clarifies that the processing of data for criminal prosecution of copyright infringement is permissible. Both of these measures end a long debate on the obligations of providers and thus create legal certainty for all parties.


Duty of hosting providers ("stay down")


Hosting providers are in future to be held more accountable in order to better protect authors. They usually react quickly to notifications from rights owners by removing copyright-infringing content from their servers (known as a takedown). For example, if a musician discovers that their single, which is not yet officially available on the market, is made illegally accessible by a third party via a hosting provider’s server, the hosting provider will promptly remove the music file upon notification from the musician.


However, some "rogue" hosting providers deliberately encourage copyright infringement in order to generate advertising and subscription revenues. Such hosting providers are therefore not interested in permanently removing copyright-infringing content from their servers, with the result that deleted content is often re-uploaded onto their servers within minutes. For the affected rights owners, this means that they have to report the copyright infringement to the hosting provider again.


This game of cat and mouse will now be stopped. Any hosting provider that creates a particular risk of copyright infringement will now have to ensure that once copyright-infringing content is removed from their servers, it remains off their servers – this is known as a stay down.


Legal basis for data processing for the criminal prosecution of copyright infringement


When copyright infringement occurs on the internet, for example by illegally making films or music files available online, rights owners usually do not know who exactly is responsible for this infringement. They can only determine which IP address the copyright infringement came from, i.e. the connection used by the infringer. However, the rights owner cannot request the identification of the subscriber from the telecommunications service provider because it is prohibited by telecommunications confidentiality.


In such cases, the rights owners can only take criminal action against the infringer. In order to be able to do this, rights holders have to save the IP addresses and submit these records as part of a criminal complaint to the competent authorities. Since the "Logistep" decision of the Federal Supreme Court, the extent to which collecting IP addresses is legal is surrounded with uncertainty in terms of data protection law. According to the Federal Supreme Court, the collecting of IP addresses by Logistep AG was an illegal processing of personal data and did not conform with data protection law.


By establishing a basis for processing data, these uncertainties are now being eliminated. In order to be able to file criminal charges for copyright infringement, rights owners will be allowed to process personal data in the future. The revision conforms with the recommendations of the Federal Data Protection and Information Commissioner.