‘You can’t always get what you want’ from a borderless VPN-driven internet
28 views
Skip to first unread message
Georgia Jenkins
Jan 30, 2026, 11:29:40 AM (12 days ago) Jan 30
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to ipkat_...@googlegroups.com
Home / advocate general's opinion / Anne Frank / C-788/24 / communication to the public / copyright law / geo-blocking / Georgia Jenkins / public domain / VPN / ‘You can’t always get what you want’ from a borderless VPN-driven internet
‘You can’t always get what you want’ from a borderless VPN-driven internet
Virtual Private Networks (VPNs) are a normal (and integral) part of the internet’s infrastructure. From securing remote access to networks, protecting confidential data and complying with security obligations, they are considered (in most countries) good privacy practice. This is particularly true when it is revealed that despite increasing reliance on encryption, organisations still ‘collect vast amounts of personal data online’. Some even reflect that:
Opinion
This case hinges on whether the online publication of a new scholarly edition of Anne Frank’s Diary infringes the right of communication to the public. Though these editions are protected in the Netherlands until 2037, in several countries (e.g. Belgium) copyright in the Diary has expired. This fact was not unknown to the defendants who implemented a geo-blocking system to restrict access to users from non-public domain countries. VPNs, naturally, circumvent geo-blocking measures. While both the first instance and appeal courts dismissed the action, finding that geo-blocking is a reasonable effort, the Dutch Supreme Court referred the case to the CJEU for a preliminary ruling to address the questions below.
In terms of the public, AG Rantos reminds us that it refers to an ‘indeterminate number of potential viewers’ which implies ‘a fairly large number of people’. To determine this amount, account must be taken of the number of people able to access the work simultaneously and how many of them access it in succession. For it to be communicated to the public, it is either through different technical means or, if the means is the same, to a ‘new public’ not already taken into account by the first authorisation of the initial communication. It follows that the website publication is an ‘act of communication’, and that whether it is addressed at a specific country is irrelevant.
Naturally it would be a step too far to hold bona fide actors accountable for VPN use that circumvents technical measures. Agreeing with the EU Commission, AG Rantos explains that ‘an exclusive right in a work’ does not equate to ‘the right to authorise or prohibit […] communication to the public in another Member State in which that right has ceased to come into effect’. It is only when works are communicated with technical measures so ‘deliberately ineffective’ that liability should arise. In effect, it is the Member State’s responsibility (Article 6(1) of the Information Society Directive) to take ‘positive action’ for anyone infringing the protection conferred on that right.
Nonetheless, AG Rantos suggests that it would be helpful to have more guidance on the position of the bona fide actor. This could include the ‘state-of-the-art’ technical measures being fallible, the ease of unlawful means or conduct to enable users to circumvent geo-blocking measures, and the presence of additional measures to impede or discourage public access in a blocked country. However, the website’s language (here, Dutch) alongside the use of a generic domain name should be considered insufficient to argue that the communication ‘targeted’ the Netherlands. Further, the applicant’s suggestions (e.g. library computer terminals or subscriber-only access) would likely fail to comply with the proportionality principle.
Most of us do not realise that our identities are tracked in between sessions and browsers, through our phones and tablets, using multiple techniques ranging from the average cookie to more shady practices like browser fingerprinting.
 |
| Photo by Thomas Bormans on Unsplash Keep your data purr‑ivately tunneled with a V‑Purr‑N. |
But what happens when VPNs are used to circumvent national copyright restrictions to access copyright works that are in the public domain in other countries? Arguably such use undermines the very territorial system that supports creativity and cultural diversity (e.g. Recitals 4 of the Information Society Directive and 2 of the CDSM Directive). Should intermediaries that lawfully make available these works in certain EU Member States be liable for VPN providers that facilitate circumvention in non-public domain Member States? If it is accepted that ‘state-of-the art’ geo-blocking measures cannot prevent VPN use, where should the burden lie?
These questions are difficult and challenge the very core of the EU copyright system’s delicate balance between conflicting fundamental rights. Advocate General (AG) Rantos’ recent Opinion in C-788/24 Anne Frank Fonds delicately unpacks these issues set against a broader background of ensuring a fully-functioning internet despite copyright’s territorial nature.Opinion
This case hinges on whether the online publication of a new scholarly edition of Anne Frank’s Diary infringes the right of communication to the public. Though these editions are protected in the Netherlands until 2037, in several countries (e.g. Belgium) copyright in the Diary has expired. This fact was not unknown to the defendants who implemented a geo-blocking system to restrict access to users from non-public domain countries. VPNs, naturally, circumvent geo-blocking measures. While both the first instance and appeal courts dismissed the action, finding that geo-blocking is a reasonable effort, the Dutch Supreme Court referred the case to the CJEU for a preliminary ruling to address the questions below.
a. Must a communication to the public be addressed at the public of a particular Member State, or is it sufficient that the anyone is able access it?
AG Rantos provides a succinct summary of the right to communicate to the public. Outlining well-trodden concepts, the Opinion re-affirms that it necessitates a broad definition to ensure a high level of protection for authors through an appropriate reward for use of their work. It comprises: (1) an act of communication; and (2) that such communication is made to the public. This requires an individual assessment that includes non-autonomous and interdependent criteria, including the role of the platform operator and the deliberate nature of their intervention where a profit-making intention can become relevant.In terms of the public, AG Rantos reminds us that it refers to an ‘indeterminate number of potential viewers’ which implies ‘a fairly large number of people’. To determine this amount, account must be taken of the number of people able to access the work simultaneously and how many of them access it in succession. For it to be communicated to the public, it is either through different technical means or, if the means is the same, to a ‘new public’ not already taken into account by the first authorisation of the initial communication. It follows that the website publication is an ‘act of communication’, and that whether it is addressed at a specific country is irrelevant.
b. Whether state-of-the-art geo-blocking measures are sufficient to avoid infringing the right of communication to the public?
Following the 20+ years of balancing rightsholders’ and interests’ fundamental rights, namely freedom of expression and information alongside the right to protect IP, it is hardly a surprise that discussion turns to the balance between primary and secondary EU law. Refreshingly, AG Rantos comments that it is still complex due to the nature of online communication that exists in spite of copyright’s territorial boundaries. AG Rantos explains that technical measures (e.g. geo-blocking) aim to respond to this tension by limiting access according to the location of the user through IP addresses.Naturally it would be a step too far to hold bona fide actors accountable for VPN use that circumvents technical measures. Agreeing with the EU Commission, AG Rantos explains that ‘an exclusive right in a work’ does not equate to ‘the right to authorise or prohibit […] communication to the public in another Member State in which that right has ceased to come into effect’. It is only when works are communicated with technical measures so ‘deliberately ineffective’ that liability should arise. In effect, it is the Member State’s responsibility (Article 6(1) of the Information Society Directive) to take ‘positive action’ for anyone infringing the protection conferred on that right.
Nonetheless, AG Rantos suggests that it would be helpful to have more guidance on the position of the bona fide actor. This could include the ‘state-of-the-art’ technical measures being fallible, the ease of unlawful means or conduct to enable users to circumvent geo-blocking measures, and the presence of additional measures to impede or discourage public access in a blocked country. However, the website’s language (here, Dutch) alongside the use of a generic domain name should be considered insufficient to argue that the communication ‘targeted’ the Netherlands. Further, the applicant’s suggestions (e.g. library computer terminals or subscriber-only access) would likely fail to comply with the proportionality principle.
c. What is the liability of VPN service providers?
The Opinion first outlines that this question is entirely unnecessary given the limited liability of the website publication. That being said, AG Rantos uses the opportunity to reflect on the position of VPN service providers and suggests that their intervention does not involve a communication of copyright works, but is solely internet access. Again, there is a focus on knowledge, especially when a VPN encourages use for the purposes of unlawful access within a non-public domain country.Comment
AG Rantos’ concluding discussion is an important step forward regarding access within the EU copyright system. As the push to ‘force VPNs to implement web-blocking orders against piracy websites’ intensifies, particularly in France, and Denmark considers banning VPNs used for ‘accessing geo-blocked streaming content or bypassing website blocks’, AG Rantos offers a fresh perspective alive to VPNs’ integral role within internet infrastructure.This outcome, however, driven by conflict between primary and secondary EU law, leaves the accessibility of a work of shared cultural heritage dependent on national borders. More fundamentally, it impacts how cultural and informational identities are shaped online, particularly our collective memory. VPNs form part of this picture as they remain a much-needed pillar of digital privacy - privacy that, as Edward Snowden reminds us is essential in our ability ‘to determine who we are and who we want to be’. While unaddressed in the Opinion, we should not overlook the copyright system’s broader impact on privacy, autonomy and access to the EU’s shared cultural heritage.
This Kat therefore ponders whether copyright is even best placed to respond to a problem that sits at the final frontier of digital privacy. We now await the decision of the Court of Justice of the European Union.
Do you want to reuse the IPKat content? Please refer to our 'Policies' section. If you have any queries or requests for permission, please get in touch with the IPKat team.
Reply all
Reply to author
Forward
0 new messages