A ruling by the Swiss Federal Court adds to the debate over whether IP addresses should count as personal data
Switzerland’s Federal Court has ruled that software that collected the IP addresses of unauthorised media file uploaders broke the country’s data protection law.
The court ruled that software firm Logistep acted illegally in the use of its File Sharing Monitor software. The software searches the Internet for files that break copyright law, collects the IP addresses of the uploaders and forwards them to copyright owners, which can use them as the basis for prosecution.
The court’s decision, which reverses the decision of a lower court, reflects an ongoing debate in Europe about whether IP addresses qualify as personal data. The Federal Court ruled that they do qualify, and thus that it was illegal to process them without the individual’s knowledge.
Switzerland is not part of the EU, and thus is not subject to EU data protection legislation, but has its own parallel laws.
Logistep said in a statement that the decision could lead to the uncontrolled distribution of copyright-protected content in Switzerland.
IP addresses have no clear-cut legal status in the EU. European data protection authorities have said that IP addresses may or may not count as personal data, depending on the context.
In the UK online privacy is a sensitive issue, with the Home Office late last year having pledged to push ahead with controversial plans to monitor all Internet use. The ministry is requiring communications firms to monitor all Internet use, and is asking them to retain information on how people use social networks such as Facebook.
The Digital Economy Act was then rushed through parliament in the closing days of the previous government, intended to tackle copyright infringement over the Internet. The first draft of Ofcom’s code of practice was published in May, and includes a ‘three strikes’ rule, which could see persistent infringers being taken to court for illegal file-sharing. Virgin Media has already tested new technology from Detica that will allow it to monitor file-sharing over the Internet, although many ISPs are opposing the measures.
However, according to the Open Rights Group, Ofcom’s code omits vital requirements for outlining the standards of evidence, and fails to set any proper thresholds for identifying serious infringers. For these reasons, ORG claims, the code fails to comply with the Digital Economy Act and should be scrapped.
Google was recently lambasted over the collection of Wi-Fi data by its Street View cars.