Search Slyck  
Irish ruling raises privacy worries
September 8, 2005
Font Bigger Font Smaller
Only a very naïve person would believe that their identity is secure when using the internet, although most of us would like to think that our rights to privacy are protected in law.

Not so, according to a ruling of the Dublin Court in favor of the Irish Recorded Music Association (IRMA), the Irish equivalent of the RIAA. The IRMA had recently sought disclosure of the identities of 17 people from their ISPs, who had allegedly used P2P to distribute files. It was especially disturbing that these individuals apparently did not even know that the IRMA was pursuing them for alleged copyright infringement, thus denying them the chance of fair representation.

The principle of forcibly disclosing the identities of others dates back to 1973, when the English courts ruled in the case of Norwich Pharmacal v Commissioners of Customs & Excise that a third party “comes under a duty to assist the person who has been wronged by giving him full information and disclosing the identity of the wrongdoers". This precedent has become known universally as the Norwich Pharmacal ruling.

ISPs can become involved in the transfer of infringing material, not because they have had any involvement in the act itself but simply because they have provided the means of communication.

In July 1998, the Federal Court of Canada ruled that internet service providers must reveal the identity of their users, ordering the disclosure of all messages sent by disgruntled ex employees of the Philips Services Corporation. In this instance the Philips Services Corporation took their action further, and issued proceedings in the Californian court against Yahoo, who had hosted the bulletin board concerned. Both actions were based on the Norwich Pharmacal ruling. Faced with a protracted and costly legal action, Yahoo decided to volunteer the information rather than fight the case. The protection offered by the American First Amendment failed to prevent other actions of a similar nature (America Online Ltd -v - Anonymous Publicly Traded Corporation 2001 is one of several examples of such an action).

The Norwich Pharmacal ruling that originated in the English courts has therefore acquired a distinctly international flavor, migrating to Canada and hence the Commonwealth, across to the USA and most recently, to this highly relevant case in Ireland.

judgment, Justice Kelly of the Dublin Court stated, “On the evidence which has been put before me I am satisfied that there is prima facie [or reasonably clear] demonstration of a wrongful activity, namely infringement of the Plaintiff's copyright.”

Justice Kelly went on to say in his comprehensive ruling, “I am satisfied that whether the right to confidentiality arises by statute or by contract or at common law, it cannot be relied on by a wrongdoer or a person against whom there is evidence of wrongdoing to protect his or her identity. The right to privacy or confidentiality of identity must give way where there is prima facie evidence of wrongdoing. There is such evidence here.”

This naturally raises concerns that ISPs will simply start handing over details of all their clients to the music industry. Indeed, their acceptable use (AUP) and privacy policies usually give them the right to do so. One British Telecom subsidiary states: “BT reserves the right to edit or disclose the contents of your private communications to law enforcement authorities, if in BT’s good faith belief that such action is reasonably necessary to conform to the edicts of the law or comply with legal process served on BT.”

It is also worth bearing in mind that data protection laws may offer far less protection than we would hope for. In the UK in particular, the Data Protection Act 1998 states in section 35 that personal data "may be communicated to third parties for the purpose of, or in connection with, any legal proceedings".

However, it should be remembered that such rulings are specific to individuals and do not confer blanket authority to ISPs to disclose personal information without being ordered to do so. Otherwise they could be liable for extensive damages themselves. It should also be remembered that the court first had to be satisfied that those individuals who had been identified had probably done what they were accused of in the first instance.

Perhaps the IRMA may care to reflect that their action could backfire in a spectacular home goal. They have had to disclose details of both their allegations and their case, therefore immeasurably helping anyone brave enough to defend themselves against prospective action.

Furthermore, if the recent Irish ruling were to be contested under the European Convention on Human Rights on the grounds that the defendants were denied their right of representation, it would almost certainly be overturned.

This story is filed in these Slyck News categories
File-Sharing/P2P Related :: International
Legal/Courtroom :: Court Rulings/Decisions
Technology News :: Security

You can discuss this article here - 25 replies

© 2001-2019