Collection of IP adresses for the purpose of legal proceedings
3 min to read

Collection of IP adresses for the purpose of legal proceedings

Date
06 January 2017

As has been widely discussed in the Danish tech media, in 2016 several law firms, including OPUS og Njord, have sent out letters to potential violators of their clients’ copyrights. This is done by monitoring the most popular peer-to-peer network, logging the IP addresses that are sharing the works in question and then contacting the person behind the IP address with assistance from the service provider.

In this connection, under Danish law but probably also in other jurisdictions, two issues can be addressed. Firstly; are private individuals allowed to monitor networks, log other individuals’ IP addresses and approach them unsolicited? Secondly; is the service provider obliged to assist the copyrights owner by handing out the name and address of the person behind the IP address?

The second issue was addressed by the Court in Frederiksberg with an affirmative ruling on 13 July 2015, but the first issue is a part of a legal discussion that has not been given much attention.

The main question is whether the Danish Act on Processing of Personal Data even applies. This would be the case, if the data controller is established in Denmark.

The data controller is the one that decides the purpose of the processing of the information – in this situation, the collection of the IP addresses. In this connection, it is not important who is collecting the information as long as the IP addresses are collected on behalf of the data controller.

Consequently, the key issue is if the copyrights owner is established in Denmark, i.e. if they have a permanent establishment in the form of a subsidiary company/branch office in Denmark. If such a company exists and if this company is in charge of the legal proceedings and using the IP addresses for this purpose, then the Danish Act on Processing of Personal Data applies to the collection of the IP addresses.

According to Danish law, an IP address is personal data, i.e. that the collection of such data must have a legal basis. According to a recent ruling by the European Court of Justice, also dynamic IP addresses are personal data even if it requires extra work to find the individual behind.

When an IP address is linked to a potential infringement of copyrights, semi sensitive data regarding crimes is being processed.

According to Danish law, it is allowed to process semi sensitive data with the purpose of pursuing a legal entitlement which is the case here. But it is not sufficient to have legal basis for the processing – companies that are processing semi sensitive data must also have an authorisation from the Danish Data Protection Agency before prior to such processing. Previously, AntiPiratGruppen, an organisation form by a number of Danish right holders organisations, has been given authorisation in a similar matter with a number of conditions imposed.

Provided that the copyrights owners or their representatives have not been authorised prior to such collection of IP addresses, the collection is most likely not compliant with the Danish Act on Processing of Personal Data.

The Danish Data Protection Agency has not had the opportunity to decide on the matter yet, but has been made aware of the issue.

(I would like to thank associate Kamilla Pierdola Mondrup and junior associate Mathias Bartholdy for assisting with this blog entry.)

Share
Written by
Martin von Haller
Martin von Haller
Martin is recognised for his solid legal skills and as an innovative thought leader and strategist within the IT industry. He is a partner in Bird & Bird's International Tech and Comms Group and is based in Denmark. Martin is one of Denmark’s leading IT lawyers with almost 20 years’ experience of advising Danish and international organisations, including large blue chip companies on legal and commercial matters in connection with IT in a wide sense. He is considered a pioneer with respect to legal aspects of Online Technology Solutions (Ecommerce, internet and web services), Cyber and IT security, open source and open data and use of other open licence forms such as Creative Commons.
Related articles
Smart Contracts – Recognising and Addressing the Risks
4 min to read
29 December 2021
Smart Contracts – Recognising and Addressing the Risks
Smart contracts, where some or all of the contractual obligations are defined in and/or performed automatically by a computer program, are expected to have a significant impact on the way business is...
Technology Projects: Managing the Risks of Innovation and Change Part 3: Contract Reset and Dispute Resolution
Technology Projects: Managing the Risks of Innovation and Change Part 3: Contract Reset and Dispute Resolution
Customers in long-term technology projects can find that while they have been working towards their chosen solution a more advanced, cheaper, or simply more desirable technology has become available....
Digital dispute resolution rules to facilitate rapid and cost-effective resolution of disputes involving novel digital technologies
Digital dispute resolution rules to facilitate rapid and cost-effective resolution of disputes involving novel digital technologies
While some saw the development of products using blockchain technology leading to the demise of disputes, the reality is that disputes in the arena of digital technology are increasing in number. Lawtech’s...
Technology Projects: Managing the Risks of Innovation and Change Part 2: During the Life of the Project
Technology Projects: Managing the Risks of Innovation and Change Part 2: During the Life of the Project
Customers in long-term technology projects can find that while they have been working towards their chosen solution a more advanced, cheaper, or simply more desirable technology has become available....
Cookies
We use analytics cookies to help us understand if our website is working well and to learn what content is most useful to visitors. We also use some cookies which are essential to make our website work. You can accept or reject our analytic cookies (including the collection of associated data) and change your mind at any time. Find out more in our Cookie Notice.