Following the lead of the United States, the EU began publishing its own piracy watchlist in 2018.
The bi-annual Counterfeiting and Piracy Watchlist is compiled by the European Commission. As in the United States, it is based on submissions from groups of copyright holders who report problematic sites and services.
Rights holders are happy to contribute. In addition to reporting sites and services that blatantly engage in copyright infringing activities, they also take the opportunity to seek broader cooperation from third-party services. In some cases, this leads to concrete suggestions that go beyond what the law requires.
List anti-piracy requirements
For example, in its latest submission, music industry group IFPI suggested that third-party services should implement strong “know your customer” policies. This also applies to the popular CDN and Cloudflare proxy service.
“CloudFlare should exercise due diligence to confirm who its customers are and establish their proposed and actual businesses,” IFPI wrote.
Other rights holder groups have made similar suggestions. For example, the film industry’s MPA pointed out that online intermediaries such as CDNs, domain registrars and hosting companies should stop offering their services to customers who are not properly verified.
These are understandable requests from rights holders, who can use every bit of information to track down the operators of problematic sites. However, these verification requests are not cemented in EU law, so the services are not legally required to screen all customers.
Cloudflare calls on EU to focus on ‘unlawful’ acts
This last point was also highlighted by Cloudflare, which sent a rebuttal to the European Commission after being flagged by several rights holders as a potential candidate for the piracy watchlist.
The San Francisco company has millions of customers worldwide. These include governments and copyright holders, but also many smaller sites that take advantage of the CDN and platform security features.
In its rebuttal, Cloudflare supports the watchlist initiative. However, he urges the EU to limit the sites and services listed to those that actually appear to be acting against the law, not those that violate the wishes of all copyright owners.
“The Commission should not publish any report – even informal – that is merely a mechanism for particular stakeholders to air their grievances that entities are not taking particular voluntary action to address their concerns or to advocate for them. favor of new policies.
Listing companies such as Cloudflare based solely on complaints from copyright holders could give the impression that the EU supports such claims, the company argues. This could potentially impact ongoing legal discussions and policy debates.
“Our view is that the Commission staff document and watchlist should be limited to allegations of unlawful behavior verified by the Commission, based on principled and fair legal standards,” Cloudflare notes.
“Verification is an indirect threat to security”
In addition to this broader criticism, the company also argues that some of the rightsholders’ claims could prove problematic. For example, a thorough verification process would involve significant costs, which could mean that the company is unable to maintain its free offer.
Therefore, smaller sites may lose the benefit of the free protection offered, as they cannot afford to pay for the service.
“Changing this online registration process, which complies with applicable law, to require manual review of new accounts would make it impossible to offer these free services at scale, degrading the Internet experience for all users and making much of the web more vulnerable to cyber attack,” Cloudflare writes.
The CDN provider also points out that it already goes beyond what the law requires to help rights holders. For example, it works with “trusted notifiers” that can request the originating IP addresses of problematic sites, when these are reported.
These and other voluntary measures have already been outlined in a separate communication to the US government. According to Cloudflare, the company is showing goodwill while complying with all applicable laws.
Several of the rights holder groups complaining about Cloudflare are also “trusted notifiers.” While it does indeed help to know where sites and services are hosted, they believe it is not enough.
The IFPI, for example, mentions that Cloudflare apparently does very little to address customers for which it receives a large number of complaints.
“[N]notifications or requests for information within the framework of the “trusted flagger” program must give rise to a significant action vis-à-vis the client. The program must feed a recidivism policy, but in the case of CloudFlare, there is no evidence that it does.
It’s clear that copyright holders and Cloudflare have different views on how to tackle the piracy problem. Whether the EU feels this warrants a mention on the piracy watch list remains to be seen.
Cloudflare was mentioned in the first EU watchlist in 2018, but was removed from the next release. If it depends on the San Francisco CDN provider, it will remain off the list in the future.
“The Watchlist is not the appropriate place to advocate new policies regarding what online service providers should collect from their users,” the company writes.
Comments are closed.