BREIN loses court case
p2pnet.net News:- A Dutch court has ruled that ISPs don’t have to reveal the identities of 42 customers anti-piracy organisation BREIN accuses of file sharing.
The Court ruled BREIN’s collection of IP addresses wasn’t in line with Dutch data protection law, among other things, because it used an American company, Media Sentry, to collect data.
The premise in this case is that IP addresses are personal data under the Dutch Personal Data Protection Act (WBP), as was confirmed by the main Dutch Data Protection Authority (CBP).
Last year the CBP decided that the collection and storage of IP addresses would only be legitimate if BREIN handled it themselves.
The CBP hasn’t ruled about BREIN’s practice of using a third party, but the Court considered that in the current situation, the third-party collection can’t be deemed legitimate and it’s likely that the CBP will rule it illegitimate in the future.
That’s especially so because MediaSentry is an American company and, “the United States can’t be considered a country with a fitting protection level of personal data”.
Nor has MediaSentry signed a so-called Safe Harbour agreement conforming to the level of privacy protection under European law.
The Court additionally noted that MediaSentry’s software scanned all the content of the “shared folder” on the customer’s hard disk, which could also contain non-infringing data and personal information. This strengthened the suspicion that BREIN’s outsourcing was more privacy invasive.
On these grounds, the Court decided that not only can the ISPs refuse to hand over the identifying information to BREIN, but they’re not even, “obligated to deny the request to provide identifying information. The ISPs have to guard that they process personal data [i.c. IP addresses- RL] that have an illegitimate source.”
Additionally, the Court noted that, for a request like BREIN’s to be granted, it has to be beyond reasonable doubt that the IP addresses are actually connected to customers that really offer illegal music- or other files on their computer.
The ISPs showed that BREIN had made considerable errors in making the right connection.
All in all, this is a considerable defeat for BREIN, which will appeal the decision.
However, the decision wasn’t all against the organisation. The Court also noted that under the European E-Commerce Directive and the Dutch Civil Code, BREIN may request identifying information in a civil case.
This is being contested by the ISPs.
Also, it’s unclear what will happen if BREIN starts to collect and store IP addresses themselves and are able to match IP addresses to “infringing” customers without substantial error.
Rik Lambers – CoCo
[Lambers is a former researcher at the Institute for Information Law, Amsterdam, who's now in transition to a new full time job in the field of IP/Internet law. He's also an associate member of the European INDICARE project, which researches consumer issues related to DRM.]
==============
Something you think we should know? tips[at]p2pnet.net
