On 7 February, negotiators for the European Parliament, Member States and the Commission agreed the proposal for a regulation on EU cross-border portability of online content services. This is the first agreement relating to the modernisation of EU copyright rules proposed by the Commission as part of the Digital Single Market strategy.

Under the new rules, which will come into force at the beginning of 2018, service providers of paid-for online content must enable subscribers to access and use the online content service when they are temporarily in another Member State. So, for example, when subscribers to Netflix or Spotify are travelling in Europe, on holiday or on business, they will be able to access content on those services in the same way they access those services when they are at home. Provided the online service provider has acquired the necessary rights and licences in the country of residence of the subscriber, the service provider will be deemed to have all the rights needed to provide access to the service to that subscriber in other EU Member States.

Since the draft regulation was first published on 9 December 2015 (see our blog), quite intense discussions have taken place as to what “temporary” shall mean and how the right holders could verify that a subscriber is indeed accessing the online content whilst being temporarily travelling abroad. Concerns have been vocalised particularly on the basis of privacy and data protection law. The answer now given by the commission is that what matters and what can be reasonably verified is the subscriber’s Member State of residence, not his actual position. In this context, recital 23 is fairly instructive:

“[…] The Regulation enables right holders to require that the service provider make use of effective means in order to verify that the online content service is provided in conformity with this Regulation. It is necessary, however, to ensure that the required means are reasonable and do not go beyond what is necessary in order to achieve this purpose. Examples of the necessary technical and organisational measures may include sampling of IP address instead of constant monitoring of location, transparent information to the individuals about the methods used for the verification and its purposes, and appropriate security measures. Considering that for purposes of the verification what matters is not the location, but rather, in which Member State the subscriber is accessing the service, precise location data should not be collected and processed for this purpose. Similarly, where authentication of a subscriber is sufficient in order to deliver the service provided, identification of the subscriber should not be required.”

The new rules apply to video-on-demand platforms (e.g. Netflix and Amazon Prime), online TV services (e.g. Sky’s Now TV) and music streaming services (e.g. Spotify and Google Music). Free services (e.g. public service broadcaster online services) are not caught unless the subscriber’s country of residence is verified by the provider anyway as part of the service.

The full press release is available here.