Cloudflare has called on the European Commission to avoid listing the company in its upcoming Piracy Watch List, despite requests from several rightsholder groups. The U.S.-based internet infrastructure provider argues that while it acknowledges the importance of tackling piracy, this must not come at the expense of user privacy or internet security. Cloudflare insists that the Watch List should remain focused on illegal platforms rather than being a lever for broader policy demands.
Cloudflare’s Role and Controversy
As a leading provider of internet infrastructure services, Cloudflare powers millions of websites, including organizations, businesses, and government agencies worldwide. While widely lauded for its role in ensuring website security and connectivity, it has often faced criticism from copyright holders who claim the company inadvertently aids piracy.
Many prominent pirate platforms utilize Cloudflare’s services, including its content delivery network (CDN) and reverse proxy tools. Critics argue that these services shield pirate sites from attacks and make it harder for rightsholders to identify operators, complicating enforcement efforts.
Rightsholders Raise Concerns
In recent submissions to the EU’s Counterfeit and Piracy Watch List, copyright organizations such as the IFPI and Video Games Europe cited Cloudflare as a significant intermediary in piracy networks. They allege that Cloudflare shields the identities of pirate site operators by withholding critical customer information unless compelled by a court order or subpoena.
For instance, IFPI criticized Cloudflare for not proactively sharing operators’ contact information, noting that such disclosures only occur under legal obligation. Similarly, Video Games Europe raised concerns about Cloudflare’s refusal to terminate services to clients accused of piracy, despite repeated complaints.
Cloudflare’s Defense
Cloudflare contends that its role is to provide technological services, not to mediate disputes over intellectual property. The company argues that demands for stricter action, such as mandatory disclosure of customer details or terminating services to accused sites, threaten to erode privacy protections and undermine the neutrality of internet service providers.
Cloudflare emphasizes that the Piracy Watch List should target clear-cut illegal actors, such as pirate sites, rather than legitimate intermediaries providing services to a wide range of users. The company warns that including intermediaries like Cloudflare risks turning the Watch List into a tool for policy advocacy, rather than an accurate record of piracy-related concerns.
Balancing Piracy Enforcement and Privacy
A major point of contention lies in the broader implications of technology designed to enhance user privacy. For example, copyright holders in the video game industry have criticized features such as Encrypted Client Hello (ECH), which enhances encryption and protects user data, making it harder to block pirate sites. Cloudflare, however, argues that such innovations are vital for ensuring internet users’ privacy and security.
“Restricting new technologies that protect privacy and security simply to combat piracy is short-sighted and detrimental to Europe’s long-term digital progress,” Cloudflare stated in its response to the EU.
The company urges the European Commission to carefully consider the trade-offs involved in limiting privacy tools for the sake of anti-piracy efforts, warning that such measures could have far-reaching negative consequences.
Cloudflare’s Collaboration with Rightsholders
Cloudflare highlights its existing cooperation with copyright holders through its trusted reporter program, which includes around 200 organizations. Under this program, Cloudflare shares information such as the origin IP address of infringing sites to help identify their hosting providers.
However, the company resists calls to terminate services for clients accused of piracy. Cloudflare argues that such measures are both ineffective and legally unnecessary, as pirate sites can easily migrate to other providers. Instead, it believes that sharing hosting information enables rightsholders to address piracy directly at the source.
Keeping the Watch List Focused
Cloudflare stresses that the Piracy Watch List should not become a platform for pressuring intermediaries to adopt policies that could harm user privacy. The company asserts that the list should be based solely on verified allegations of illegal behaviour and not used to advocate for regulatory or procedural changes targeting intermediaries.
“Shifting the focus to intermediaries risks diluting the Watch List’s purpose and turning it into a tool for advancing policy agendas rather than addressing piracy itself,” the company stated.
Conclusion
Cloudflare’s appeal to the European Commission underscores the delicate balance between combating piracy and protecting user rights. While the company remains open to collaboration with rightsholders, it is firmly against measures that compromise privacy or security to address piracy concerns.
By keeping the Piracy Watch List focused on illegal platforms and avoiding undue pressure on intermediaries, Cloudflare believes the EU can better address piracy without undermining the core values of the open internet.