49

Relevant and derived from the aforementioned fundamental rights is in particular the Netlog decision of the CJEU: [53] The case concerned a lawsuit of a Belgian collecting society against a service provider (social network) requiring it to proactively investigate all data transfers or activities for the purposes of copyright infringement.

50

In the Netlog decision the CJEU explicitly referred to the rights of freedom of expression and information, guaranteed in the EU Charter of Fundamental Rights in order to declare a general monitoring procedure, as demanded by the Belgian collecting company SABAM towards Netlog – a service provider – inadmissible. For the requested filter system, the CJEU initially stated:

“36 In that regard, it is common ground that implementation of that filtering system would require:

first, that the hosting service provider identify, within all of the files stored on its servers by all its service users, the files which are likely to contain works in respect of which holders of intellectual-property rights claim to hold rights;

next, that it determine which of those files are being stored and made available to the public unlawfully; and lastly, that it prevent files that it considers to be unlawful from being made available.

37 Preventive monitoring of this kind would thus require active observation of files stored by users with the hosting service provider and would involve almost all of the information thus stored and all of the service users of that provider (see, by analogy, Scarlet Extended, paragraph 39).

38 In the light of the foregoing, it must be held that the injunction imposed on the hosting service provider requiring it to install the contested filtering system would oblige it to actively monitor almost all the data relating to all of its service users in order to prevent any future infringement of intellectual-property rights. It follows that that injunction would require the hosting service provider to carry out general monitoring, something which is prohibited by Art. 15(1) of Directive 2000/31 (see, by analogy, Scarlet Extended, paragraph 40).”

51

These statements are of particular interest to the present question, since they show the proximity of the duties examined at that time to those of Art. 17 DSMD.

52

With regards to the fundamental rights concerned, the CJEU maintains – in continuation of the principles already outlined in the Promusicae decision – that the protection of intellectual property rights under Art. 17 (2) ECFR is not limitation-free and unconditionally guaranteed, i.e., a consideration regarding fundamental rights of other affected parties has to be made. [54] Accordingly the CJEU stresses in the Netlog decision:

“44 Accordingly, in circumstances such as those in the main proceedings, national authorities and courts must, in particular, strike a fair balance between the protection of the intellectual property right enjoyed by copyright holders and that of the freedom to conduct a business enjoyed by operators such as hosting service providers pursuant to Art. 16 of the Charter (see Scarlet Extended, paragraph 46).”

53

For the fundamental rights of service providers, the CJEU considers such an obligation to monitor general research, or to verify the content to be in violation of fundamental rights:

“46 Accordingly, such an injunction would result in a serious infringement of the freedom of the hosting service provider to conduct its business since it would require that hosting service provider to install a complicated, costly, permanent computer system at its own expense, which would also be contrary to the conditions laid down in Art. 3(1) of Directive 2004/48, which requires that measures to ensure the respect of intellectual-property rights should not be unnecessarily complicated or costly (see, by analogy, Scarlet Extended, paragraph 48).

47 In those circumstances, it must be held that the injunction to install the contested filtering system is to be regarded as not respecting the requirement that a fair balance be struck between, on the one hand, the protection of the intellectual-property right enjoyed by copyright holders, and, on the other hand, that of the freedom to conduct business enjoyed by operators such as hosting service providers (see, by analogy, Scarlet Extended, paragraph 49).”

54

But the CJEU does not only see the fundamental rights of the provider as disproportionately impaired, but also those of the users:

“48 Moreover, the effects of that injunction would not be limited to the hosting service provider, as the contested filtering system may also infringe the fundamental rights of that hosting service provider’s service users, namely their right to protection of their personal data and their freedom to receive or impart information, which are rights safeguarded by Art.s 8 and 11 of the Charter respectively.

49 Indeed, the injunction requiring installation of the contested filtering system would involve the identification, systematic analysis and processing of information connected with the profiles created on the social network by its users. The information connected with those profiles is protected personal data because, in principle, it allows those users to be identified (see, by analogy, Scarlet Extended, paragraph 51).

50 Moreover, that injunction could potentially undermine freedom of information, since that system might not distinguish adequately between unlawful content and lawful content, with the result that its introduction could lead to the blocking of lawful communications. Indeed, it is not contested that the reply to the question whether a transmission is lawful also depends on the application of statutory exceptions to copyright which vary from one Member State to another. In addition, in some Member States certain works fall within the public domain or may be posted online free of charge by the authors concerned (see, by analogy, Scarlet Extended, paragraph 52).” [55]

55

This interpretation of the ban of general monitoring obligations largely corresponds to the distinction between general and specific monitoring obligations already derived in Member States such as Germany. [56] Crucial here is less the quantity of inspections, but rather whether it takes place for a specific cause or regardless of any reason. [57] The ban of general monitoring obligations refers to inspections that are not triggered by a specific notification of the rightholder and which concern the complete content of the offer (of the platform). On the other hand, obligations that are imposed on the provider by a court or by authorities are not covered by the ban [58] and, by reason of a specific case, require, e.g., to eliminate a specific infringement. Thus, specific monitoring obligations subsequent to an order to prevent a similar breach of the law (“stay-down”) are not covered by the ban on non-prompted monitoring obligations [59] - which the CJEU in the decision Glawischnig-Piesczek has recently confirmed. [60] However, Art. 15 (2) ECD allows (only!) national authorities to oblige providers to provide information about alleged unlawful activities or information.  [61] However, this exception does not apply to private law claims.

56

In the field of trademark law, the CJEU held the same view in the decision L’Oréal versus eBay [62] regarding court orders against the service provider eBay concerning similar infringements:

“139 First, it follows from Art. 15 (1) of Directive 2000/31, in conjunction with Art. 2 (3) of Directive 2004/48, that the measures required of the online service provider concerned cannot consist in an active monitoring of all the data of each of its customers in order to prevent any future infringement of intellectual property rights via that provider’s website. Furthermore, a general monitoring obligation would be incompatible with Art. 3 of Directive 2004/48, which states that the measures referred to by the directive must be fair and proportionate and must not be excessively costly.

140 Second, as is also clear from Art. 3 of Directive 2004/48, the court issuing the injunction must ensure that the measures laid down do not create barriers to legitimate trade. That implies that, in a case such as that before the referring court, which concerns possible infringements of trade marks in the context of a service provided by the operator of an online marketplace, the injunction obtained against that operator cannot have as its object or effect a general and permanent prohibition on the selling, on that marketplace, of goods bearing those trade marks.”

57

Even if the CJEU does not explicitly enter into a fundamental rights assessment here, [63] these reasons do again show, that the service provider does not have to check the complete content initiatively for any possible violation.

Accordingly, orders against service providers that oblige them to identify the participants on the platforms are permissible (despite the required data protection), as well as to prevent similar infringements. [64]

58

In addition, constitutional courts such as the European Court of Human Rights expressly referred to “chilling effects”  [65] on the freedom of expression of the users due to a general control of the communication behavior, as well as due to “overblocking” of legally compliant contents. [66] With regard to the DSMD, the obligation to filter content and the shift of action to the user which have to claim their rights individually against the service provider is likely to lead to an inactivity of users, even if they are justified, and, on the other hand, to a blocking of content in case of doubt by service providers in order to avoid sanctions, thus resulting in “chilling effects” against freedom of expression. [67]

59

It is questionable whether the constellation underlying the Netlog decision is comparable to Art. 17 DSMD – and as such would fall victim to the verdict of European illegality concerning fundamental rights. As already stated, this would not be the case for Art. 17 (4) (b) DSMD, since inspections by the service provider relates only to information provided by the rightholder; a general monitoring or inspection of fundamental significance is not implied as this obligation depends explicitly upon information given by rightholders, hence, not regardless of such information and not proactively so that the principles of the Netlog decision would not intervene. [68]

60

However, to consider only Art. 17 (4) (b) DSMD would - as indicated - fall too short: [69] Primarily, Art. 17 (1), (4) (a) DSMD forces the service provider to inspect all content in order to determine whether any content on his platform violates copyrights of rightholders – since as stated above, Art. 17 (1) DSMD extends the right of public availability onto the service provider, and therefore, makes him an immediate culprit. The service provider must therefore - as formulated in Art. 17 (4) (a) - “make every effort” to obtain licences. Only if he has failed to do so (Art. 17 (4) (a): “and”) Art. 17 (4) (b) DSMD intervenes. However, this compellingly requires that the service provider ensures himself regarding the existing contents and their legal situation; [70] otherwise the obligation in Art. 17 (1) (4) (a) DSMD to obtain licenses makes no sense. Which licenses should he obtain if the service provider does not know which content requires a license? Hence, as a first step the service provider has to check and to reassure himself which content has to be licensed. Hence, he has to proactively control the content – without regard to any information given by rightholders, and not restricted to such an information. Thus, the principles stated by the CJEU in the Netlog decision are clearly violated as Art. 17 (1), (4) a) DSMD introduces a proactive obligation to inspect without restrictions, such as in art. 17 (4) b) DSMD concerning information provided by rightholders.

61

This also applies to interpretation efforts by some authors that, given the complex rights collection and impossibility to control all content, are based on the principle of proportionality and only require the service provider to “moderate due diligence”. [71] This may apply with regard to obtaining licenses itself, but does not change the fact that in the first instance all content has to be inspected to see if it violates any rights at all, and if so which. Since the obligation under Art. 17 (1), (4) (a) DSMD - and not under Art. 17 (4) (b) DSMD – resembles the general inspection claimed for in the Netlog case, such an obligation violates the ban on the general monitoring obligation. [72] In other words, Art. 17 (1), (4) (a) DSMD infringes the appropriate consideration of the affected fundamental rights, of the providers, as well as of the affected users, towards those of the rightholders.

62

In this context, as a precautionary measure, the term “upload filter” is inappropriate insofar as not just the controlling during the uploading of user-generated content is at stake, but the general monitoring of content on the platform – due to the obligation to obtain licenses.

63

It should also be considered that according to the system of Art. 17 (4) and (9) DSMD - the appeal procedure - content is first disabled or blocked and is only released after a complaint by the user. This creates, however, the above-mentioned “chilling effects” for freedom of expression, especially when content refers to current events [73] to which the complaint procedure would not be adequate due to loss of time. This is most evident when livestreams are blocked for which a complaint procedure results in the loss of the live character as they will be unlocked only after the streamed event. [74] Again, it would be more than unclear what “moderate due diligence” would mean, as the service provider would have to quasi constantly or at least randomly check the livestream in order to constantly monitor the legality of the streaming.

64

Finally, there is reason to fear that, even under Art. 17 (4) (b) DSMD, when restricting monitoring of the content supplied by rightholders, these lists of content will be so comprehensive that in fact a general monitoring of all content does occur. [75]

65

Some authors plead for a restrictive interpretation of Art. 17 (4) DSMD in order to prevent the EU fundamental rights being violated due to the general monitoring duty. [76] Accordingly, the service providers should be supposed to act only upon pursuant information and notification and should obtain licenses subsequently (!). This should be justified by Recital 66 (5) DSMD, as well as by Art. 17 (4) (b) DSMD. [77] However, this position fails to recognize the two-tier system of Art. 17 (1), (4) (a) and (4) (b) DSMD; the fact that the liability privilege of Art. 17 (4) (b) DSMD depends on the fact that the service provider has beforehand or in advance (!!) made an effort to obtain licenses etc. cannot be denied. Accordingly, Recital 66 (5) DSMD also does not refer to Art. 17 (1), (4) (a) DSMD, but to Art. 17 (4) (b) und c) DSMD, [78] which is clearly identifiable on the basis of the wording.

67

In the UPC Telekabel decision, the CJEU again stresses the statement, already made in Netlog and before that in the Promusicae decision, that a careful balance must be struck between the fundamental rights of rightholders on the one hand and that of users and providers on the other:

“46 The Court has already ruled that, where several fundamental rights are at issue, the Member States must, when transposing a directive, ensure that they rely on an interpretation of the directive which allows a fair balance to be struck between the applicable fundamental rights protected by the European Union legal order. Then, when implementing the measures transposing that directive, the authorities and courts of the Member States must not only interpret their national law in a manner consistent with that directive but also ensure that they do not rely on an interpretation of it which would be in conflict with those fundamental rights or with the other general principles of EU law, such as the principle of proportionality (see, to that effect, Case C-275/06 Promusicae [2008] ECR I-271, paragraph 68).”

68

With regard to the right of entrepreneurial freedom, however, the CJEU considers that there is no restriction on the right in selection of agents for the providers and the subsequent discharge of liability:

“52 First, an injunction such as that at issue in the main proceedings leaves its addressee to determine the specific measures to be taken in order to achieve the result sought, with the result that he can choose to put in place measures which are best adapted to the resources and abilities available to him and which are compatible with the other obligations and challenges which he will encounter in the exercise of his activity.

53 Secondly, such an injunction allows its addressee to avoid liability by proving that he has taken all reasonable measures. That possibility of exoneration clearly has the effect that the addressee of the injunction will not be required to make unbearable sacrifices, which seems justified in particular in the light of the fact that he is not the author of the infringement of the fundamental right of intellectual property which has led to the adoption of the injunction.”

In view of the above-mentioned obligations according to Art. 17 (1) DSMD, this is certainly of importance as the liability-relieving effect is seemingly used by the CJEU in order to rule out a violation of fundamental rights.

69

However, the CJEU also emphasizes the protection of users’ (basic) rights with regard to their freedom of information:

“56 In this respect, the measures adopted by the internet service provider must be strictly targeted, in the sense that they must serve to bring an end to a third party’s infringement of copyright or of a related right but without thereby affecting internet users who are using the provider’s services in order to lawfully access information. Failing that, the provider’s interference in the freedom of information of those users would be unjustified in the light of the objective pursued.

57 It must be possible for national courts to check that that is the case. In the case of an injunction such as that at issue in the main proceedings, the Court notes that, if the internet service provider adopts measures which enable it to achieve the required prohibition, the national courts will not be able to carry out such a review at the stage of the enforcement proceedings if there is no challenge in that regard. Accordingly, in order to prevent the fundamental rights recognised by EU law from precluding the adoption of an injunction such as that at issue in the main proceedings, the national procedural rules must provide a possibility for internet users to assert their rights before the court once the implementing measures taken by the internet service provider are known.”

70

Again, for Art. 17 DSMD, it is important that users can assert their rights to a sufficient extent and with procedural certainty, let it be freedom of information or freedom of expression (and here e.g. freedom of citation etc., Art. 17 (7) et seq. DSMD). [81]

71

The obligation of access providers to block websites therefore affects the freedom of information under Art. 11 (1) sent. 2 ECFR, [82] since disabling access to content constitutes a hindrance of informing the internet user. The freedom of information protects the simple use of information as well as the active procurement of the same, [83] in particular if access to information is definitively denied. [84] It cannot be excluded that - due to the usually not 100% error-free working filter systems – besides the blocking of impermissible content also permissible content might be disabled, hence resulting in a significant impairment regarding the freedom of information of users (so-called overblocking). [85] Exactly at this point parallels to uploading content filters of service provider servers are obvious.

72

Even more clearly than in the decision of UPC Telekabel, the CJEU in the recent decision of Glawischnig-Piesczek versus Facebook Ireland [86] dealt with the delimitation of (prohibited) general monitoring obligations versus (permitted) specific monitoring obligations, as listed in recital 47 of the E-Commerce Directive, with regard to identical content (here: defamations etc.). In this context, the CJEU believes that a duty of the service provider to delete or block synonymous content would not lead to a general, especially not active monitoring obligation:

“37 In those circumstances, in order to ensure that the service provider at issue prevents any further impairment of the interests involved, it is legitimate for the court having jurisdiction to be able to require that service provider to block access to the information stored, the content of which is identical to the content previously declared to be illegal, or to remove that information, irrespective of who requested the storage of that information. In particular, in view of the identical content of the information concerned, the injunction granted for that purpose cannot be regarded as imposing on the service provider an obligation to monitor generally the information which it stores, or a general obligation actively to seek facts or circumstances indicating illegal activity, as provided for in Art. 15(1) of Directive 2000/31.”

73

However, the CJEU also recognizes that such an obligation on the part of the service provider may be accompanied by a substantive control of the “synonymous” content, which may in some circumstances lead to a general monitoring obligation when every single content uploaded by users has to be reviewed, in particular whether the relevant (new) content is largely similar or identical to the incriminated content. Therefore, the CJEU tries to limit these obligations:

“45 In light of the foregoing, it is important that the equivalent information referred to in paragraph 41 above contains specific elements which are properly identified in the injunction, such as the name of the person concerned by the infringement determined previously, the circumstances in which that infringement was determined and equivalent content to that which was declared to be illegal. Differences in the wording of that equivalent content, compared with the content which was declared to be illegal, must not, in any event, be such as to require the service provider concerned to carry out an independent assessment of that content.

46 In those circumstances, an obligation such as the one described in paragraphs 41 and 45 above, on the one hand — in so far as it also extends to information with equivalent content — appears to be sufficiently effective for ensuring that the person targeted by the defamatory statements is protected. On the other hand, that protection is not provided by means of an excessive obligation being imposed on the service provider, in so far as the monitoring of and search for information which it requires are limited to information containing the elements specified in the injunction, and its defamatory content of an equivalent nature does not require the service provider to carry out an independent assessment, since the latter has recourse to automated search tools and technologies.”

74

Accordingly, for the assumption of a specific monitoring obligation (which is permissible) it is sufficient that the provider can use automated techniques and that “specific details” are stated that allow a simple (probably automated) verification of similarity. In other words, the CJEU considers the use of automated technologies to be sufficient based upon “specific details” so that an active, general monitoring obligation by the provider is not yet assumed.

75

It is worth noting in this context that the CJEU does not carry out a fundamental rights assessment in contrast to the previous judgments, but instead sticks to abstract considerations with regard to the ban of general monitoring obligations in Art. 15 ECD. Nor is there any mention of opposing rights of the concerned users.

76

Applying the arguments of the described decisions of the CJEU to Art. 17 DSMD shows that Art. 17 (4) (b) DSMD should withstand the test of the Glawischnig-Piesczek decision, since, on one hand, the rightholders have to deliver the necessary information to providers (“specific details”); on the other hand, the usage of automated tools is open for providers.

77

However, this does not affect the obligation under Art. 17 (1) (4) (a) DSMD (the obligation to check content in order to obtain licenses) since the provider must first of all check the legality of the content itself and explicitly cannot rely on specific details provided by others that allow the usage of automated tools.

103

As explained above, Art. 17 (4) (b) DSMD is also fully harmonizing. Which procedures the service provider should apply is not further specified by Art. 17 (4) (b) DSMD; conversely, the freedom of the service provider to choose adequate tools within the limits of Art. 17 (4) (b) DSMD is not restricted. In any case, the procedures must meet “high industry standards”. Art. 17 (4) (b) DSMD thus refers to a non-legislative flexible standard which cannot be excluded or replaced by the national legislator. [115] This is valid as well for automated tools (upload filters); as mentioned already, Art. 17 (9) subpara. 1 DSMD expressly mentions human handling of complaints, which makes clear that in other cases the procedures in Art. 17 (4) (b) DSMD can be automated - and consequently cannot be excluded by the implementing Member State.  [116]

104

Some authors derive from the principle of proportionality in Art. 17 (5) DSMD that smaller or financially weak online platforms are exempt from the obligation to provide upload filters, since otherwise they would face insurmountable difficulties and new barriers to market entry would be erected which would also be in contradiction with the DSMD’s focus on innovation in the digital internal market. Therefore, Member States should have the power to “clarify” that such companies are only subject to the notice-and-take-down or stay-down obligation. [117] However, as already argued, this view is diametrically opposed by the exception afforded to start-ups in Art. 17 (6) DSMD, which was the subject of numerous discussions in the trilogue procedure. The originally envisaged exceptions for small and medium-sized enterprises were thus much more extensive than in the final version of Art. 17 (6) DSMD. [118] Only for the companies of Art. 17 (6) DSMD obligations of the service providers are reduced to Art. 17 (4) c) DSMD (notice-and-stay-down). This fundamental decision cannot be undermined via the “back door” of proportionality. [119] A corresponding Member State exemption which would go beyond Art. 17 (6) DSMD and would be decoupled from the individual case (which otherwise has to be determined by courts in the context of the proportionality test), cannot be reconciled with Art. 17 (6) DSMD.

105

Finally, when some authors argue that the service provider in general (!) only has to act on the basis of a notification or information provided [120] this is only true with regard to the system of Art. 17 (4) (b) DSMD but not with regard to Art. 17 (1), (4) (a) DSMD); it does not change the fact it is necessary to install a filter for the information about these rights. [121]

106

As explained above, Art. 17 (4) b) DSMD refers to high industry standards. However, the DSMD does not specify how these standards are to be defined, so that there is leeway for the Member States to define the procedures by which these standards are to be determined within the framework of the high standards customary in the sector. Within the framework of the implementation of Art. 17 (4) (b) DSMD, for example, committees and procedures could be set up here which may be comparable to national technical standardization - while at the same time ensuring that the state does not have any influence on the selection procedures or filters relevant for opinion-forming. At the same time, however, it must also be taken into account that these standards are “customary in the industry”, so that they must differentiate according to the type of service provider (e.g. video platforms such as YouTube and social networks such as Facebook).

107

How such standards are to be designed in concrete terms must be determined in cooperation with computer scientists and cannot be clarified within the framework of a legal opinion. The most conceivable effective measure here would be the “flagging” of content by users, so that this content is automatically sorted out and subjected to human examination.

108

It would also be conceivable to regard certain users who have not committed any infringements in the past as “trusted uploaders” who would be excluded from a filter beforehand. According to Art. 17 (5) DSMD it would also be necessary to consider the extent or scope of a copyrighted work used in a content in relation to the entire content, which could be an indication of a quotation, even if - as will be explained further - the DSMD does not know any de minimis limit.

109

Finally, it would still be possible to exclude ambiguous content from an upload filter beforehand and to transfer them to a human check; such an exception could be supported by Art. 17 (5) DSMD within the context of proportionality which also takes the nature of the contents into account. This would include, for example, the CJEU’s orientation described above towards automated procedures for content with similar meaning. However, this would still leave open the question of when there are inconclusive infringements.

110

However, all these proposals are ultimately subject to the premise that a) the standards are customary in the industry and b) the standards are high. Accordingly, it is difficult to assess whether the Member State can determine that only those standards that have been established in the state-regulated procedure represent the due diligence that is customary in the industry. It is also unclear whether the Member State can finally regulate the standards in accordance with the above-mentioned proposals. Finally, the legal implication of complying with these standards remains unclear: does compliance with a standard mean complete exemption from liability or only a prima-facie proof that the necessary efforts have been met? As art. 17 (4) b) DSMD refers to those standards specifying the necessary efforts, Art. 17 (4) should indeed be read as a liability privilege – and not only some sort of evidence rule.

111

However, the implementing legislator could establish a presumption of conformity with the diligence required by Art. 17 (4) (b) DSMD if the standards adopted by state-regulated procedures are complied with. A violation of the burden of proof rule in Art. 17 (4) b) DSMD would not be associated with this, since only the evidentiary effect of the standard established by state-regulated procedures would be determined; the service provider would still have to explain and prove how it complied with this standard. If necessary, this procedure can also be combined with certifications which then initiate the presumption of conformity.

112

If technically no filter is known in the industry, it remains the case that the service provider cannot be obligated to do something that is technically impossible. [122] For example, the filter technology ContentID [123] is known from YouTube. [124] For social networks other criteria may then apply, e.g. the filters used by Facebook - which, however, are also subject to corresponding criticism. [125] Whether there are comparable technologies for other works, in particular movies, is doubtful at present. [126] This is especially the case regarding parodies etc., as shown by the well-known example of the RTL movie “Not Heidis Girl” whose parody character was not recognized by the filter used by Google. [127] Since Art. 17 (4) (b) DSMD refers to the standards customary in the industry, the obligations must be omitted if they simply do not exist in an industry.

113

Another general conflict between Member States’ specifications and the DSMD could result out of Art. 17 (10) DSMD, which gives the EU Commission competence to define guidance for Art. 17 (4) DSMD according to a complex procedure with the participation of stakeholders. Recital 71 formulates the intended stakeholder dialogue in a similar way. Member States are mentioned only with regard to cooperation with the Commission. National stakeholder dialogues or standardization procedures are not mentioned in Art. 17 (10) DSMD. The guidelines to be issued by the Commission refer in their entirety to the procedures under Art. 17 (4) DSMD, and thus also to (4) b) and the high industry standards mentioned therein.

114

However, Art. 17 (10) DSMD is not completely clear, since Art. 17 (10) DSMD expressly speaks of “in particular regarding the cooperation referred to in paragraph 4”, which probably means the information to be provided by the rightholders. On the other hand, Art. 17 (10) DSMD shows that the procedures under Art. 17 (4) (b) DSMD must also be meant, since otherwise the obligation of service providers or service providers to provide user organizations with access to appropriate information “on the functioning of their practices with regard to paragraph 4” makes hardly any sense.

115

As a result, the EU Commission has quasi “sovereignty” over the specification of the procedures under Art. 17 (4) b) DSMD - so that a Member State standardization procedure for Art. 17 (4) DSMD must respect the guidelines under Art. 17 (10) DSMD. However, under Art. 17 (10) DSMD, the Commission’s guidelines do not have any legally binding effect towards courts or authorities; unlike authorizations for implementing Directives or Regulations, they are not legal acts with binding effect. Thus, the CJEU has determined in the context of antitrust proceedings that:

“209   The Court has already held, in a judgment concerning internal measures adopted by the administration, that although those measures may not be regarded as rules of law which the administration is always bound to observe, they nevertheless form rules of practice from which the administration may not depart in an individual case without giving reasons that are compatible with the principle of equal treatment. Such measures therefore constitute a general act and the officials and other staff concerned may invoke their illegality in support of an action against the individual measures taken on the basis of the measures (see Case C-171/00 P Liberos v Commission [2002] ECR I-451, paragraph 35 ).” [128]

116

Rather, there is a certain degree of self-commitment of the Commission; [129] (national) courts and authorities of the Member States must take into account the recommendations or guidelines, but may deviate from them. [130] It is therefore possible for the Member State to design the procedures for the high standards customary in the sector, but with the restriction that these must comply with the Commission’s guidelines pursuant to Art. 17 (10) DSMD.

117

Beyond legal implementation Member States can support the development of upload filters at the political level by state funding or supporting committees and platforms (while at the same time maintaining distance from the state influence) which attempt to code automated processes by means of open source coding - and make them available to the general public for further development, in particular for small and medium enterprises.  [131]

118

As explained above, the service provider is obliged under Art. 17 (4) b) DSMD (in contrast to Art. 17 (1), (4) a) DSMD) to monitor the content generated and uploaded by users only on the basis of the information on content provided by the rightholder. However, the DSMD does not specify how this information has to be provided. Thus, Member States may opt for certain specifications, e.g. with regard to machine readability of the information in order to facilitate the processing of the information. Such a specification, however, depends on whether the DSMD should be regarded exclusive in the sense that it is left to the rightholders to decide how they specifically provide information to the service providers and Member States cannot specify the ways and means of how to provide such information.

119

Such “negative” harmonization (with no leeway for Member States) would be supported by the fact that in contrast to the DSMD other directives or regulations - such as Art. 20 (1) GDPR [132] - expressly stipulate machine readability, for example with regard to data portability. The stakeholder dialogue in Art. 17 (10) DSMD also indicates that the national legislator has no discretion here. However, the national legislator could again work with presumption effects in favor of the service providers for certain procedures, e.g. platforms on which rightsholders can register their content, but which are not conclusive and which take into account the EU Commission’s guideline competence under Art. 17 (10) DSMD.

120

In this context, due to the danger of “copyright trolls” or unlawful rights information and thus potential blockades of (unwelcome) content, consideration should also be given to procedural requirements for the necessary identification of rightholders and the unambiguous, verifiable indication of rights, e.g. by so-called “trusted flaggers”, which must also apply to corresponding requests for deletion. [133] However, such a specification must also consider the guidance competence of the Commission according to Art. 17 (10) DSMD. [134]

121

Not affected by Art. 17 (10) DSMD, however, is the introduction of rights of the involved users, including the introduction of a stricter liability for “copyright trolls” due to abusive notification of alleged rights. The national legislator has a great degree of flexibility here. [135] National case-law recognizes liability for unjustified warnings of industrial property rights, but these are linked to the right of the business established and practiced. On the other hand, the requirement of so-called “trusted flags” for trustworthy communications from rightholders within the framework of Art. 17 (4) b) DSMD would again be confronted with the objection of infringement of Art. 17 (10) DSMD, which leaves it to the Commission to determine the form of such procedures; nevertheless, presumption rules with respect to Art. 17 (10) DSMD are possible.