Scott Mulligan and Alexandra Grossman, SOPA, PIPA, HADOPI and Privacy, the Alphabet Soup Experience:  What America Might (or Might Not) Learn from the Europeans About Protecting Consumers’ Privacy and Internet Freedom from Intrusive Monitoring by Third Parties (and the Government).

Comment by: Jason Schultz

PLSC 2012

Workshop draft abstract:

In early 2012, the United States Congress seemed determined to move forward with two controversial copyright and trademark enforcement bills, the “Stop Online Piracy Act” (SOPA, H.R. 3261)  and the “Protect IP Act” (PIPA, S. 968). Though those bills have largely been set aside in the face of a considerable backlash, Congress has more recently considered slightly watered-down versions of similar legislation, including the “Online Protection and Enforcement of Digital Trade Act,” (OPEN, S. 2029).   Each of these proposed bills, much like previously-enacted counterpart laws in France (the Creation and Internet Rights Law, or “Haute autorité pour la diffusion des œuvres et la protection des droits sur Internet,” HADOPI),  SOPA, PIPA and OPEN each attempt to address the problem of Internet-based intellectual property (IP) piracy, particularly from overseas sources. However, because of France’s philosophy of strong information privacy protection, while the US traditionally has had one of strong IP protection, these disparate approaches would assumedly obtain different results because each country’s context and understanding of information privacy is so different.

While laudable in their effort to address this wide-ranging and complex 21st century problem, each of these laws nevertheless present unique challenges to individual privacy. In their current form, they require ISPs, social networking sites and other content platforms to proactively monitor and screen individual users’ content and traffic, and then to actively censor their users to prevent them from posting, sharing or linking to words, images or other content which might violate another’s IP rights. Thus dramatically shifting the enforcement burden and commensurate liabilities, website operators and ISPs who fail to act promptly could be blacklisted and prosecuted, and the proposed legislation would even empower the U.S. Attorney General to block infringing websites or users based anywhere in the world.

Unfortunately, these bills’ and laws’ legal and technical solutions are very similar to mechanisms that authoritarian regimes use to censor and spy on their citizens, to repress “undesirable” voices and to enable private interests, acting under government authority, to suppress speech, comment, criticism and public debate of those private interests or of the government.   Ironically, it is often copyright enforcers who, using it as a weapon, attempt to make privacy claims for themselves when attempting to protect corporate or personal interests, typically when the owner could not sustain an unlawful interception, trade secrets misappropriation, or invasion of privacy claim.   Further, in terms of the third party doctrine, these new laws offer governments unparalleled and unprecedented opportunities to collect private information by and about individual citizens, outsourcing this mandatory data collection to the third party providers who, acting under color of these laws, amass vast quantities of personal information which may be of interest to the government for law enforcement or counterterrorism purposes.

This article will examine the proposed bills in the United States, their specific implementation and enforcement mechanisms, and compare them to the previously-enacted laws in France. Necessary pre-enactment changes to those laws there briefly revived a philosophy regarding individual privacy and freedom, especially on the Internet.  In so doing, the French further committed themselves to viewing privacy and freedom of expression as fundamental human rights, while the American approach remains bluntly oriented toward corporate and government interests.  However, with subsequent decisions by various French courts, the French legal system once again swung in favor of intellectual property rights, at the expense of the information privacy and freedom of individual Internet users.  This article will examine the similarities and differences between the two legal systems, reveal the differing approaches to intellectual property and privacy on opposite sides of the Atlantic and suggest a new approach that would better protect personal privacy and Internet freedom in a democratic society, on either continent.