Forwarding hack warnings violates privacy law, Dutch court rules *TorrentFreak
House > Piracy >
Dutch ISP Ziggo doesn’t have to send a hacking warning to a subscriber accused of offering 200 e-books in an open directory. Anti-piracy group BREIN took the case to court which found, for the second time, that ISPs needed a license to process the personal information of alleged infringers.
Backed by Hollywood and other content industries, Dutch anti-piracy group BREIN has shut down hundreds of pirate sites and services in recent history.
BREIN has also successfully targeted several prolific BitTorrent downloaders and other offenders. Tracking down and prosecuting individual file sharers is resource-intensive, however, and the anti-piracy group aims to expand its network.
Send warning letters to hackers
To expand its reach, the group previously obtained permission from the Dutch Data Protection Authority to track and store the personal data of alleged BitTorrent hackers. This request was accepted and at the end of 2020, BREIN announced the start of its mass alert campaign.
Unlike other copyright enforcement groups, BREIN is not interested in casual pirates. Instead, it focuses on the biggest fish and asks ISPs to issue a warning to those subscribers.
This sounds like a balanced approach that would be relatively easy to implement in many other countries where forwarding hack notices is standard procedure. In the Netherlands, however, it is not at all simple.
Ziggo refuses to transmit, the court accepts
When BREIN sent its warnings to the nation’s largest ISP, Ziggo, the company refused to forward the warnings to its subscribers. According to Ziggo, linking IP addresses to specific subscribers raises serious privacy concerns, even if personal information is not shared with BREIN.
In February this year, the court in Utrecht sided with the internet service provider. Although BREIN has a license to process the personal information of alleged infringers, Ziggo does not. This means that linking an IP address to subscriber information would violate Dutch privacy law, which is based on the European GDPR.
It was a severe setback for the anti-piracy group. This effectively makes it impossible to alert subscribers that their connection is being used to share copyright-infringing content, even if that personal information is not transmitted. BREIN didn’t give up either.
The ground doubles
The anti-piracy group submitted another case. This time, a Ziggo subscriber was accused of offering more than 200 e-books to the public through an open directory. BREIN hoped that the ISP would provide notice to the associated account holder or share their personal data.
This week, the court in Utrecht ruled that the ISP was not obliged to cooperate with this request. Without a license from the Dutch Data Protection Authority, linking the IP address to subscriber information would violate privacy law. For the same reason, it also cannot share subscriber details directly with BREIN.
Even if Ziggo had been allowed to process the data, BREIN would not have prevailed. The court concluded that there was insufficient evidence to show that the subscriber voluntarily made the books available for others to download. It is possible that they were simply put online for personal use, without adequate protection.
“Contrary to what BREIN asserts, it is not certain that the holder of the IP address himself infringed copyright,” the court wrote in a press release.
BREIN Director Tim Kuik is disappointed with the outcome and says BREIN will appeal both verdicts. The anti-piracy group argues that simply forwarding notices to subscribers is a reasonable and proportionate measure.
“It must be possible to fight against infringements. The transmission of warnings is the least intrusive means of enforcement. By refusing to do so, the court in Utrecht is really on the wrong track,” notes Kuik.
“This decision is fundamentally incorrect, and the refusal to communicate personal data is also incorrect and contrary to established case law. BREIN awaits the call with confidence.