What seems very clear now, is that whereas European ISPs stood behind their customers and defended their customers rights for privacy, the majority of UK ISPs in this case simply sold out their own customers without even a hint of a fight to defend their privacy. If you look at the information pack from DL (if you don't have it I'm happy to post, but it was posted several times), and see the court order, it says clearly:
AND UPON reading letters from Respondents (1)-(7) and (11)-(18) confirming these Respondends do not oppose the making of this Order;
to clarify - DL asked ISPs to sign a declaration that they do not oppose releasing the information if a court order is given. Apart from 3 ISPs (BT, PLUSNet and Be) - all ISPs signed this declaration and didn't even attend the court hearing.
In spain, to compare - Telefonica went to court to defend their customers rights for privacy!
I therefore suggest, and I have already begun this process, that as many people as possible file a Data Protection Act Subject Access Request (DPA SAR) to their ISPs. This in itself wouldn't do much, but if you bear with me, hope it will be clear. There's a really good template online so it only takes a couple of minutes to print and send. You may need to enclose a cheque for £10. My ISP - Virgin Media, did cash the cheque, but credited it back to my account - so some ISPs don't even charge for it. Others might, but they can't charge over £10. This DPA SAR is essentially a request to see what information the ISP holds on them as a customer. If they follow the Act, it includes loads of information, including IP addresses, MAC addresses, billing information, and also all information relating to the DL case. The more people send those DPA SAR, the more pressure there is on the ISP. Moreover, they are very likely NOT to comply fully with the Act, giving an opportunity to file a complaint with the ICO (Information Commissioners Office). This will put even more pressure on them, but you have to be dedicated to the process and patient. It's easy, but takes some time etc. I already complained to the ICO because Virgin Media didn't respond to my application within 40 days as they should have done. I'm now in the process of filing another complaint, because the information was barely nothing compared to what they hold, and certainly didn't include all the information requested (and which they DO hold, and that you and I are entitled to receive!) - another violation of the DPA. If the ICO receives many complaints, the ISP will likely to get very bad reputation and potentially fines. If this happens, they will certainly think twice if this happens again.
The template is available on
http://www.privacyinternational.org/iss ... r_isp.htmlI would also add to the template "MAC addresses, IP addresses", where it says
All records relating to my account, including subscriber data, billing information...Feel free to add or change. you don't need to be lawyers to do it (I'm not a lawyer).
Remember that the more requests they get, the more pressure there is on them, and hopefully the ICO will stand behind our rights for privacy, so next time another money-making-scam like this takes place, ISPs wouldn't be so keen to release the information.
Note that some ISPs have different addresses now than those on the template. Find your ISP address on their website to be sure you're sending to the right place. Best to send by recorded delivery so you have proof that it was received. If they fail to respond within 40 days it's already enough to file a complaint with the ICO, but remember it's just the first step
