Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of intellectual property rights (Enforcement Directive), designates a larger group of persons about whom infringers and certain contributors must provide information than does the TRIPs regulations; thus, information must be provided namely on the possessors of infringing products, the recipients of infringing services and those that have provided services to the infringer. In the field of e-commerce, the question may arise whether the intermediary service provider has the obligation to provide information on the recipients of its services (the infringers/the content providers carrying out illegal activities), or is exempted from such obligation by referring to the regulations on limitation of liability and exemption from monitoring obligation set out in E-com Directive (Directive 2000/31/EC of the European Parliament and of the Council on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market).

Pursuant to Article 8 of the Enforcement Directive, Member States must ensure that in the context of proceedings concerning an infringement of an intellectual property right and in response to a justified and proportionate request of a claimant, the competent judicial authorities may order that information on the origin and distribution networks of the goods or services which infringe an intellectual property right be provided by the infringer and/or any other person who: (a) was found in possession of the infringing goods on a commercial scale; (b) was found to be using the infringing services on a commercial scale; (c) was found to be providing services used in infringing activities on a commercial scale; or (d) was indicated by the person referred to in points (a), (b) or (c) as being involved in the production, manufacture or distribution of the goods or the provision of the services.

The Enforcement Directive determines the scope of the information to be provided (Article 8 (2)) and also sets out regulations to be taken into account when enforcing the right to information which partially extend or restrict such right (Article 8 Section 3 a)-e)). Among these, the consideration of point (e) regulating the processing of personal data is of paramount importance.

According to the provisions of the laws on intellectual property, (the Copyright Act, the Act on the Protection of Inventions by Patents, the Act on the Protection of Trademarks, the Act on Utility Model Protection, the Act on Industrial Designs, the Act on the Protection of the Topography of Microelectronic Semiconductor Products) amended (in Hungary by Act XI of 1998) due to the accession to the TRIPs agreement, the rightholder of the intellectual property - in addition to its other claims - may demand, in its discretion, that the infringer provide information of the participants in the production, distribution and provision of the infringing goods and services and on the business chain set up for distributing such goods. Such claim for information may only be enforced against the infringer.

The scope of the information requested in accordance with the Enforcement Directive is wider than that set out in the laws in effect. In addition to the chain of sale, it also extends to the quantity, labeling and value of the sold goods (services).

In addition to the above, the directive embraces a larger group of persons from whom - with or without the infringer - information may be requested (sentence constituting "and/or" in Article 8 (1)) than the domestic regulations do. Among these persons are those who, according to Article 8 (1) c) and d), were found to be providing services on a commercial scale and used in infringing activities or were indicated by such person as being involved in the provision of the infringing services. In short: information may be demanded not only from the infringer but also from other service providers acting on a commercial scale and participating in the chain of sale.

The right to information is to be introduced into Hungarian legislation by the incorporation of the Enforcement Directive by amending the acts on intellectual property. Such amendments are currently in progress under the supervision of the Ministry for Justice and the Hungarian Patent Office.

The introduction of the right to information is linked to the expected amendment of Act CVIII of 2001 on certain questions on the e-commerce services and the information society services (the E-commerce Act) incorporating the relevant section of the Enforcement Directive to Hungarian legislation.

The Enforcement Directive (Article 3 (a)) generally does not affect the 'spirit' of the E-com Directive and does not at all affect the limitation of liability existing in favor of the intermediary service providers and set out in Articles 12-15 of the E-com Directive.

The introduction of the right to information is only compulsory in cases of illegal activities or services carried out on a commercial scale. Pursuant to Preamble Section 14 of the Enforcement Directive, acts carried out on commercial scale are those carried out for direct or indirect economic or commercial advantage; this would normally exclude acts carried out by end consumers acting in good faith.

It should be noted that one cannot find out what the decisive factors are of the good faith behavior of the consumer. Is it the quantity of commodities bought or the 'volume' of service ordered or received? Or is can good faith be evaluated on the ground whether the consumer knows or should know that he /she is at the end of the chain of infringing acts? What about file-sharing consumers if the overwhelming majority of the content to be shared is infringing material? As far as the quantity and the direct economic advantage is concerned, these consumers act on a commercial scale. As far as the awareness of the consumer is concerned is it reasonable to expect from natural persons to know whether the sharing of content is licensed?

Among the services falling under the scope of the E-commerce Act, the e-commerce services (Section 2 (a) of the E-commerce Act) and the information society services provided outside of e-commerce but for consideration (Section 2 (f) of E-commerce Act), without doubt, qualify as commercial services (provided on commercial scale) according to the Enforcement Directive and the E-commerce Act.

Of the e-commerce services within the information society services, it is typical, due to use of electronic means, that the intellectual property right holder notices the infringement or the alleged infringement at the Internet Protocol address / domain name (hereinafter: IP) / of the intermediary service provider and not directly at the infringer.

Therefore, the question may arise whether the intermediary service provider has the obligation to provide information on the recipient of its service, the content provider committing infringement, or may be exempted from such obligation by referring to the regulations on liability limitation (Sections 7-13 of E-commerce Act) or the exemption from monitoring obligations (Section 7 (5) of E-commerce Act).

The limitation of liability set out in the E-com Directive, and thus also in the E-commerce Act, exempts the intermediary service provider from liability for damages and other payment obligations arising in connection with the infringing content, more precisely, from the creation of access thereto. Unfounded are opinions which consider the full non-liability of the intermediary service provider to be the starting point. The purpose of the legislation was to exempt intermediary service providers from the threat of payment liabilities (due in money) in order to avoid the obstruction of e-economic development and to accelerate the spread of the Internet in cases where the intermediary service provider cannot be reasonably expected to monitor the content provided by other parties.

The intermediary service provider will also satisfy the injunctions of authorities ordering termination of or prohibition from the infringement, whether it be rendered on any legal basis (civil law, criminal law or administrative law (first sentence of Section 7 (4) of the E-commerce Act). An administrative legal basis for such terminating order may be, for example, an act or a practice of a service violating a legal provision among the exceptions from the principle excluding prior authorization (Article 4 (2) of E-com Directive, incorporated into Section 3 (2) of the E-commerce Act, Section 10 (m) of Act on Electronic Telecommunication.).

A civil law legal basis for the prohibition may be the conduct of an intermediary service provider exceeding the limitations of free use (temporary or transitional reproduction) set out in Section 35 (6) of the Act LXXVI of 1999 on Copyright; thus, conduct subject to copyright license (the permanent reproduction carried out under hosting doubtlessly, and arguably the caching also classifies as such).

The jurisprudence and the judicial practice of the some countries in Europe see the infringement of database rights as possible, and consider the so-called "deep link" (internet reference) embedded in the search engine leading to the substance (i.e. not to the opening page but to the internal pages) in the absence of the consent of the rightholder as making available to the public, which is then subject to licensing (the legal basis of such views is that numerous homepages meet the requirements for legal protection granted to database producers (Section 60/A and Sections under 84/A of the Act on Copyright)).

The heading of the Article of E-com Directive, the liability of intermediary service providers, also deals with the liabilities of the above-mentioned service providers (and not with the exclusion of liability).

Pursuant to Preamble Section (45) of the E-com Directive: "The limitations of the liability of intermediary service providers established in this Directive do not affect the possibility of injunctions of different kinds; such injunctions can, in particular, consist of orders by courts or administrative authorities requiring the termination or prevention of any infringement, including the removal of illegal information or the disabling of access to it".

The incorporation of this principle into legal provisions are data transmissions in Article 12 (3), caching in Article 13 (2), and hosting in Article 14 (3) of the E-com Directive. To the above belongs Article 18 (1), which sets out that the adoption of provisional measures shall be ensured for ordering termination, i.e. prohibition or discontinuation against any information society service provider in case of an alleged infringement.

Finally, Article 15 of the E-com Directive enabling the exemption from the monitoring obligation should be elaborated on. Section (1) thereof deals with the authorization to exemption, Section (2) enables the courts and other authorities to request information also from the recipients of hosting services.

Based on both of the above regulations of the E-com Directive and the comparison of Article 3 (a) and Article 8 of the Enforcement Directive, it may be established that the exemptions from the liability of the intermediary service providers do not exclude the introduction of the obligation to provide information which may be regulated parallel with the right to information of the affected right holders.

The so-called private communication is the key concept of the right to information (from the viewpoint of the intermediary service provider: obligation to provide information) to be introduced.

If the "existence in the electronic world" does not reach the level of an information society service, in other words, only private communication is being transmitted via electronic means (pure electronic correspondence), then according to the logic of the E-commerce Act and the regulations on data protection in the electronic communication, the obligation to provide information does not apply to the private communicator. Thus, it may remain anonymous (even if it infringed copyrights or industrial property rights).

Therefore, the question is of importance whether the act of the file-sharing natural person qualifies as private communication whereby his/her data may be inquired from the access provider, which does not qualify as a user in terns of copyright.

The starting point may be - and is the practice - that infringements are committed from an IP address being hidden behind the access provider. If the sharing of files is more than a mere reproduction for private purposes - and this is evident as the communication to the public is attained by forwarding the files - then the private individual - depending on the legal interpretation of the private communication - may exceed the criteria for private communicator and become a service provider (content provider) under the E-commerce Act. At this point, the obligation of the access provider acting on a commercial scale to provide information on the file-sharing persons may arise. Nevertheless, based on the legal provisions on data protection in the electronic communication and on the fact that (even) the access provider does not have the obligation to monitor the transmitted content, the conclusion may be derived, that within the framework of civil law enforcement, the access provider that provides data may not be ordered to provide information on natural persons.

The contents of this article are intended to provide only a general overview of the subject matter. Specialist advice should be sought for specific matters.