PayPal must hand over user data of copyright infringers – if available
Your contact person
According to a judgement by the Hamburg Regional Court, the payment provider PayPal must hand over users’ personal data to the rights holders in the event of copyright infringements.
Holder of exploitation rights takes PayPal to court after unsuccessful request
In the corresponding dispute, the owner of all exploitation rights to works by the artist ‘Max Mutzke’ had discovered a collection of links on a website that enabled the download of the singer’s album ‘Max’.
The operator of the website was requested to disclose the name and address of the owner of the link collection – these were not available at first, but he stated that the creator of the downloads regularly used the PayPal platform to make payments to the operator.
The plaintiff then turned to the payment provider with her enquiry. However, the Luxembourg-based company refused to pass on the data in view of the banking secrecy that applies there.
Regional court takes PayPal to task
However, the LG Hamburg ruled by way of preliminary injunction on the publication of the information (LG Hamburg, Urteil vom 22.3.2017, Az. 308 O 480/16).
The decisive standard here was § 101 UrhG, which in principle grants the owner of Copyrights in the event of misuse. According to Section 101 (2) No. 3 UrhG, in the case of obvious copyright infringements, there is also a right to information against a person who has provided services used for infringing activities on a commercial scale.
Pursuant to Section 101 (3) No. 1 UrhG, the provider must provide information about the name and address. As the owner of the link collection had paid for it via PayPal (whereby PayPal became the service provider), the provider could be held liable as a (co-)responsible party in the opinion of the judges.
Banking secrecy does not count
The alleged breach of banking secrecy cited by PayPal was also deemed not to have occurred: Under Luxembourg law, such a breach is generally excluded if the disclosure of a communication is authorised or required by or on the basis of a statutory provision. Section 101 (2) UrhG constitutes such a statutory provision.
The less data there is, the less needs to be released
The case is also interesting in terms of data protection law. Already now, the Data protection law stipulates that data may only be collected sparingly and then only transmitted if the data subject has given their consent or if there is an authorisation requirement. Even after the state enforcement measure, the interim injunction by the Hamburg Regional Court, PayPal was naturally only able to disclose what the company had collected from the user at some point.
The present case thus clearly shows how important the principle of data minimisation provided for by the legislator is in practice, even at a later date, which incidentally is The application of the EU General Data Protection Regulation (GDPR) will be tightened and penalised with very high fines.
The obligation of the service provider to enable the use of telemedia and its payment anonymously or under a pseudonym, as stipulated in Section 13 (6) of the German Telemedia Act (TMG) and ridiculed by many, also significantly determines the content of any right to information, which, incidentally, may not only exist under civil law, but may also be asserted by criminal investigation authorities. This is particularly relevant, for example, in the case of Clear name requirement on Facebook, which the Berlin Regional Court has thankfully put a stop to with a recent judgement that is not yet legally binding. We reported here:
Put simply, what is not there cannot be given out.
Claim for the disclosure of personal data in the event of copyright infringements easy to obtain
The relatively low requirements for joint liability for copyright infringement and the associated duty to provide information are also likely to be particularly striking in this decision: PayPal itself had of course not uploaded the album in question to the internet – however, in the court’s opinion, the provision of the technical requirements already constituted a contribution to the offence that established joint liability. Whether PayPal had actually made the links available was irrelevant.
Related posts
Multiple awards.
