The Swiss Federal Court has ruled that software which identified the internet protocol (IP) address of unauthorised music uploaders broke the country’s data protection law. The court backed that country’s Data Protection Commissioner, who said that Logistep violated Switzerland’s Data Protection Act when it used the software. The IP addresses were personal data, the Court said, and processing that data without the knowledge or permission of the person concerned was a breach of the law, it said.
The Court recognised the economic interest that copyright holders had in stopping the illegal sharing of material in which they had rights, but said that that interest did not justify what it called a significant intrusion into the privacy of each affected user.
The status of IP addresses has been hotly contested in Europe, with some arguing that they are personal data as defined in the EU’s Data Protection Directive, and others arguing that though they are personal data in some circumstances, that is not always the case. A French court ruled earlier this year that a French music royalty collection society did not breach data protection law when using IP addresses and that the addresses were not personal data because they did not directly identify users. The German Supreme Court (BGH) allowed a right owner to enforce its rights against the provider of an unsecured WIFI-spot based on data collected by Logistep – the BGH did not, however, explicitly rule on the Logistep business model.
http://www.bger.ch/mm_1c_285_2009_d.pdf (German language version)