With the recent decision of July 9, 2020, in the Constantin Film v. YouTube case, C-264/19, the EU Court of Justice ruled that YouTube and Google are required to provide only the postal address, and not also the e-mail address and IP address pertaining to a user who infringes intellectual property rights.


For further reference, see also the news of April 21, 2020 concerning the preliminary question and the Opinion of the Advocate General (available

With the said decision, the arguments raised by Advocate General Henrik Saugmandsgaard Øe in his Opinion of April 2, 2020 were upheld and the Court therefore stated that Article 8, par. 2, lett. a of Directive 2004/48/EC (Enforcement Directive) must be interpreted to the effect that the concept of ‘address’ contained therein does not refer, in the case of a user who has uploaded files infringing an intellectual property right, to his e-mail address, his telephone number and the IP address used to upload such files nor the IP address used at his last access to the user account, but only to his postal address.

This interpretation, which can be described as excessively formalistic, is based on the following arguments of the Court:

• the Enforcement Directive does not define the concept of address and therefore the determination of its meaning and scope must be carried out in accordance with its usual meaning in current language which, according to the Court, would concern only the postal address, that is to say, the place of domicile or residence of a particular person;
• this term in Community legislation does not therefore refer to the e-mail address, telephone number or IP address;
• examination of other acts of Union law referring to the e-mail address or IP address would show that none of them uses the term ‘address’, without further specification, to designate the telephone number, IP address or e-mail address;
• the interpretation thus given is also consistent with the aim pursued by Article 8 of the Directive, having regard to the general objective of that Directive.

As explained, the interpretation given by the Advocate General first and then by the Court is, in the writer’s opinion, excessively restrictive.
Indeed, it is questionable whether the common meaning of “address” is solely that of physical address and not also that of electronic address. Moreover, in the present case, the infringements occurred in an online environment where it is also reasonable to assume that the place where a person can be reached can also be determined by the email address and the IP address. It should also be considered that, in most cases, the data held by the providers are not reliable, especially the postal address data (in fact, false data are often provided which are not adequately verified). It follows that only by knowing – at least – the IP address the rights holder would have a better chance of identifying the perpetrators of the offence.

In any event, the judgment in question makes it clear that Member States may in any event grant holders of intellectual property rights the right to receive more extensive information, provided, however, that a fair balance is struck between the different fundamental rights involved and that the other general principles of Union law, such as the principle of proportionality, are respected.

There are indeed many precedents of the Italian Courts (especially the Courts of Milan and Rome) that have ordered disclosure orders against hosting providers far more extensive, which included data such as name, surname, date of birth, place of birth and address of residence, tax code, or name and registered office and identification number for tax purposes or for registration in the commercial register, or similar, in the case of a legal person (see, for example, the decisions of the Court of Rome, Business Division, of 13 March 2019, and the Court of Milan, specialized section on Business, of 23 May 2019). Article 156bis of the Italian copyright law, in fact, has a broader scope than Article 8 of the Enforcement Directive, expressly providing for the possibility to require intermediaries to provide “the elements for the identification of the entities involved in the production and distribution of products or services that constitute an infringement of the rights under this law”.

It should also be considered that the decision of the Court of Justice concerns the identification data of users of user generated services, i.e. generally natural people who do not derive a profit from their sharing activities. It is a fact that in this sector, the European Union is moving towards greater accountability of the intermediary: Article 17 of Directive 2019/790/EC, the so-called “Digital Single Market”, not yet implemented in Italy, states that the provider must conclude licenses with rights holders and implement recognition technologies, to this end also “covering” the activities of service users.
It is therefore trusted that the decision herein commented does not change the consolidated case-law, at least of the Italian Courts, regarding the disclosure of the data of entities responsible for offences, especially where they are not individual users, but real criminal associations with clear profit intentions.

Margherita Stucchi