European Court of Justice Rules on ISP Disclosure of Subscriber Information
The European Court of Justice recently issued a decision regarding the disclosure of subscriber information, including Internet Protocol (IP) addresses, by Internet service providers (ISPs) where it is sought to identify suspected infringers of intellectual property rights, particularly copyrights. The case arose from a Spanish ISP’s efforts to resist a request by an entity representing music and video publishers that sought to identify users of the Kazaa peer-to-peer service. In its decision on January 29, 2008, the European Court ruled that Member States are not required to make ISPs disclose personally identifiable information even where it is sought to identify a person who has used the ISP’s service to infringe another’s copyright.
The Court in essence accepted the ISP’s argument that the IP address are required to be released only in connection with certain types of investigations, particularly criminal or national security matters. However, while the Court did not require disclosure, it did not expressly prohibit it, instead leaving discretion to the Member States to determine the outer limits.
This decision is notable because it is in stark contrast to U.S. law, particularly the Digital Millennium Copyright Act, which requires ISPs to disclose IP addresses and other personally identifiable information in response to a copyright holder’s request, if the request is made to identify an alleged infringer. It also is important because this may foreshadow further European Union actions regarding the long-running debate on whether IP addresses are personally identifiable information. Typically U.S. courts have found that IP addresses, by themselves, are not personally identifiable.
The decision can be found online at: http://curia.europa.eu/jurisp/cgi-bin/form.pl?lang=EN&Submit=rechercher&numaff=C-275/06.