Are ISPs required to disclose personal details of peer-to-peer users?

Czech Republic

The Spanish copyright licensing group for music producers, Promusicae, suffered a blow this week in its ongoing attempts to force Spain’s largest internet service provider (ISP), Telefónica, to reveal the identity of Spanish file-sharers. 

Promusicae had identified a large number of file-sharers by their IP address only, and had asked Telefónica to provide personal details (e.g. name and address) about the users of the IP addresses.  Telefónica refused, and Promusicae commenced proceedings in the Spanish courts to attempt to obtain an Order requiring Telefónica to provide the personal details. 

During the Spanish court proceedings, Telefónica submitted that EU laws on data protection did not allow it to share personal data of its users with third parties unless it was a criminal law matter.  In deciding whether to grant the order requested by Promusicae, the Spanish court thought it necessary to ask the European Court of Justice (ECJ) a question about the validity of Spanish law on data protection, and whether it was compatible with European directives on e-commerce, copyright, and enforcement.

The ECJ is yet to answer the question, but the opinion of the court’s Advocate General, which is usually followed by the ECJ, was made available this week.  The Advocate General’s opinion is not yet available in English, but in French it is:

Il est compatible avec le droit communautaire que des États membres excluent la communication de données à caractère personnel relatives au trafic lorsque celle-ci est sollicitée en vue de permettre la poursuite de violations du droit d'auteur en droit civil

…or in other words, European law allows Member States to prevent personal data, which relates to IP addresses, from being disclosed when this has been requested to pursue copyright infringement claims in civil law.

If the ECJ follows the opinion of the Advocate General, the Spanish Court will then need to decide, on the facts, whether the Spanish laws on data protection allow the court to order the disclosure of the file-sharers’ personal details.  However, it would appear unlikely, given the fact the Spanish Court asked the question in the first place, that it considers itself able to force Telefónica to disclose the personal data of its users. 

The English courts have previously ordered ISPs to disclose personal details of UK filesharers.  For example, in 2005 and 2006 the BPI obtained court orders against numerous service providers requiring them to disclose the personal data of their users (see here for further details).  However, it is unlikely that in those cases the UK service providers opposed the BPI’s court applications on data protection grounds.  If the ECJ makes its decision as expected, this will increase pressure on UK ISPs to attempt to oppose future court applications.  It will also make it more likely that users who have their details disclosed by ISPs will complain that the ISPs have breached the Data Protection Act.

We will issue an updated Law-Now article when the ECJ makes its decision.