Update 04/05/2011: A U.S. District Court has ruled that an IP address is not the same thing as a person’s identification.
It was a case of music copyright infringing download.The US court recognised the IP address of an infringing account does not result on the culpability of the account holder, Thank god for this clarification reversion the presumption of fraud. Surely a common sense approach bringing some Fresh air to the war of digital copyright. That doesn’t mean the IP address is not a private information.
More cases on pearltrees.
Update 16/09/2010 – on this highly sensitive and crucial question of IP address from a US point of view of Personally Identifiable Information ~PII: ‘The Number is Me: Why Internet Protocol (IP) Addresses Should Be Protected as Personally Identifiable Information‘ , a paper published in the DePaul Law Review, Joshua J. McIntyre writes about the potential to use IP addresses to “expose the individuals behind the computers.” (via IAPP)
The author concludes “IP addresses are functionally similar to other types of PII and should be similarly protected in order to protect online privacy. ”
Out-Law – The Register : ‘IP address-tracing software breached data protection law’
‘The Swiss High Court ruled that IP addresses constitute personal information’. Collecting IP Addresses without the owner’s knowledge is a breach of privacy laws. Should this position have echo in other European countries? A crucial point to be clarified before anti-counterfeiting measures to be implemented.
A comment on the decision by iPKat
Recently Datanomy reported the Irish Court : ‘IP addresses “not personal data” says Irish court’
In French Fabrice Epelboin in ReadWriteWebFrance with a parallel with the French ISPs intention to provide IP addresses detected by the private entity TMG, to the HADOPI.
As a reminder, TMG or Trident Media Guard, is a private investigative company, appointed by an industry association, the Société Civile des Producteurs Phonographiques (SCPP), to track down and report copyright infringers to the authorities. Details of how the TMG system operates are unclear, it could be similar to the DtecNET system. A judgement by the Australian Federal Court in February 2010, describes how the DtecNET system operates:
“the DtecNet Agent downloaded one complete copy of the film sought to be investigated. … The DtecNet Agent then reconnected to iiNet users who had a copy of the file or parts of the file of interest and downloaded a piece of that file from those users. It then matched the piece downloaded with the piece hash through [a] hash checking process. … The DtecNet Agent then recorded information referable to the peer from which it had downloaded that piece of the file. … Every aspect of the connection and download was recorded and logged by the DtecNet Agent … and stored securely on DtecNet’s servers … in Copenhagen.”
Unlike France, the situation in Ireland results from a court settlement between Eircom and the Irish Recorded Music Association (IRMA) in January 2009. Eircom has agreed to a similar three strikes system, detect infringements, warn them, in case of persisting non compliance, to disconnect the subscriber.
The Data Protection Commissioner raises concerns about the data comprising IP addresses constitute ‘personal data’ or even ‘sensitive data’ as involved with the commission of a criminal offense. The High Court rejected the Data Protection Commissioner’s concerns in its decision in April 2010.
While the methods of tracking infringing downloads remain opaque, Deep Packet Inspection, honey pot or Audible Magic or DetectNet are different ways of collecting IP addresses, it is hard to judge the link availability between the IP address and the subscriber’s real identity.
More on the subject from my earlier post.