AG Cruz Villalon says that (absolute) banking secrecy prevents effective enforcement of IP rights

Does banking secrecy prevail over IP enforcement?

In a nutshell this is the issue on which the Bundesgerichtshof (German Federal Court of Justice) is seeking guidance from the ever-active Court of Justice of the European Union (CJEU) in Coty Germany, C-580/13

More specifically, the question that the German court referred concerns Article 8(3)(e) of the Enforcement Directive and reads as follows:

Must Article 8(3)(e) of Directive 2004/48/EC be interpreted as precluding a national provision which, in a case such as that in the main proceedings, allows a banking institution to refuse, by invoking banking secrecy, to provide information pursuant to Article 8(1)(c) of that directive concerning the name and address of an account holder?

Yesterday Advocate General (AG) Cruz Villalon issued his Opinion [although unsurprisingly not yet available in English, the Opinion is available in - among other things - Italian]. He first highlighted that this case requires exploring further Article 8 of the Enforcement Directive, which so far has been dealt with mainly in the context of copyright owners seeking to enforce their rights against users who illegally download (and subsequently share) content from the internet.

The AG advised the CJEU to rule that Article 8(3)(e) of the Enforcement Directive is to be interpreted in the sense that - unlike what the situation is currently in Germany, pursuant to Article 19 of the Markengesetz - Member States may not allow banks to invoke banking secrecy unconditionally to refuse information (requested pursuant to Article 8(1)(c) of this directive in the context of civil proceedings to be brought against alleged infringers) regarding the name and address of the holder of an account. 


Coty Germany holds an exclusive licence for the Community trade mark Davidoff Hot Water. In 2011 it purchased a counterfeit bottle of the relevant perfume on by using a pseudonym, and subsequently asked a bank, Sparkasse, to disclose the bank details of the seller of the allegedly infringing product. Sparkasse refused invoking banking secrecy.

Litigation thus ensued. Following a victory at first instance, Coty lost in appeal. Eventually the case made its way to the German Federal Court of Justice, that decided to stay the proceedings and seek guidance from the CJEU.

Things get invariably
hot at the CJEU
The AG Opinion

The AG began his analysis by observing that what is at stake in this case is the compatibility of German law with Article 8 of the Enforcement Directive. 

As is apparent from Recital 21 in the preamble to this directive, the right of information within Article 8 is instrumental to the guarantee of an effective IP protection. However such right is not absolute, as Member States may pose limitations to its exercise. Although among the possible limitations listed in this provision there is no express mention of banking secrecy, according to the AG this could fall among the relevant limitations for "the processing of personal data" (not protection of confidentiality of information), pursuant to both Article 8(3)(e) and Article 2(3)(a) of the directive.

The AG held the view that a national law like Article 19 of the German Markengesetz has two effects: (1) a direct effect that prevents the effectiveness of the right of information within Article 8 of the Enforcement Directive, and; (2) an indirect effect that adversely affect a fundamental right, this being the effective protection of IP rights as mandated by - among other things - Articles 17, 47 and 52(1) of the Charter of Fundamental Rights of the European Union (Charter).

In turn banking secrecy may fall within acceptable limitations to the right of information, on consideration that the Enforcement Directive is without prejudice to the protection of personal data, whose protection is mandated by - among other things - Article 8 Charter.

To determine whether a national law on banking secrecy is compatible with EU law it is necessary to examine it from a fundamental rights perspective. 

Article 52 Charter provides that any limitation on the exercise of the rights and freedoms recognised therein must be provided for by law and respect the essence of those rights and freedoms. Overall, "[s]ubject to the principle of proportionality, limitations may be made only if they are necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others."

The latter may be in principle the case of banking secrecy and the protection of personal data of the clients of a bank, pursuant to Article 8 Charter. However, to be legitimate, any limitation to the fundamental right to effective protection of IP rights must meet all the conditions set in Article 52 (and this is for the national court to determine): 

(1) be provided by the law [the AG discussed the meaning of 'law' in his Opinion in Scarlet]
(2) respect the fundamental essence of the rights and freedoms involved [the AG appeared to suggest that this would not be the case of a national law - like the German law - that would make effective enforcement depend exclusively on the waiver - for whatever reason - of banking secrecy]
(3) be adequate and necessary [could Coty Germany obtain the information needed through other means?, wondered the AG] to achieve the achieve the objective pursued; and 
(4) respect the principle of proportionality.

All in all

This yet another interesting case that is likely to have broad implications, considering that the relationship between effective IP protection and protection of alleged infringers' personal data has generated a heated debate in the past few years.

It is also another case in which the CJEU has been called to perform a challenging task, ie provide guidance as to how different fundamental rights should be balanced. In the past the outcome of exercises of this type has been vague statements that have generated more than one headache. 

It is sufficient to recall the 2014 decision in Telekabel [here], in which the Court assessed the compatibility of blocking orders on internet service providers (ISPs) with EU law. While concluding in the sense of their legitimacy, the Court stated that orders must be open-ended (thus disregarding the Opinion of AG Cruz Villalon who had instead taken the view that orders should be specific), and ISPs - while enjoying the fundamental freedom to conduct their business, pursuant to Article 16 Charter - must also adopt the most appropriate measures to bring infringements to an end and prevent new ones from occurring, bearing in mind the need to balance the fundamental rights of copyright owners (within Article 17(2) Charter) with those of users to access information lawfully available on their services (in compliance with Article 11 Charter). 

But how is this to be done in practice? The Court did not provide much guidance. Hopefully things will be different when it decides Coty Germany ... But will they?
AG Cruz Villalon says that (absolute) banking secrecy prevents effective enforcement of IP rights AG Cruz Villalon says that (absolute) banking secrecy prevents effective enforcement of IP rights Reviewed by Eleonora Rosati on Friday, April 17, 2015 Rating: 5


  1. Caro Eleonora,

    One detail: A Sparkasse isn't an ISP, but a banking institution ("cassa di risparmio"): "Essa versava il prezzo del prodotto sul conto bancario della Sparkasse"

    One fairly risky way to beat the other party out of the bush might be to charge back his account (EU SEPA Lastschriftverfahren) without authorisation, and hope that he files an official complaint. If the amount "stolen back" is equal to the test sale, then the risk is that it is too small to elicit a reaction. If a largish amount is lifted, then the risk is that the criminal court might (rightfully) take a fairly dim view of the tactic.

    The location of the seller's credit union (Magdeburg) suggests a small-scale operation, or the use of a clueless intermediary. In any case, the real operators probably have already moved on a long time ago.

  2. Thanks Roufousse: I have just corrected the post!


All comments must be moderated by a member of the IPKat team before they appear on the blog. Comments will not be allowed if the contravene the IPKat policy that readers' comments should not be obscene or defamatory; they should not consist of ad hominem attacks on members of the blog team or other comment-posters and they should make a constructive contribution to the discussion of the post on which they purport to comment.

It is also the IPKat policy that comments should not be made completely anonymously, and users should use a consistent name or pseudonym (which should not itself be defamatory or obscene, or that of another real person), either in the "identity" field, or at the beginning of the comment. Current practice is to, however, allow a limited number of comments that contravene this policy, provided that the comment has a high degree of relevance and the comment chain does not become too difficult to follow.

Learn more here:

Powered by Blogger.