Swiss Supreme Court: data protection prevails over enforcement of IP rights

In a decision of 8 September 2010 (full grounds not yet published, press release here), the Swiss Supreme Court ruled that Logistep AG may not search peer-to-peer networks for copyright infringing files, register the IP [internet protocol] addresses of the uploaders and forward them to the copyright owners, which then, based on the data, file criminal complaints against unknown (the prosecution, unlike private parties, can force the ISPs to hand over name and address of the person/entity behind the IP address).

Logistep, acting for copyright holders (not the International Federation Of Producers Of Phonograms And Videograms, IFPI, though, says IFPI) searches peer-to-peer networks for copyright infringing files, then registers the IP addresses of the uploaders (pure downloading is legal under Swiss law) and forwards these to the copyright owners. The Swiss data protection authority brought suit against them (noted on IPKat here), claiming that this business model infringed data protection law. The Administrative Court ruled in favour of Logistep, weighing the interest in enforcement of IP rights more than the privacy interest of the users. The Supreme Court, in a contested 3:2 decision, reversed. The Supreme Court held that

• IP addresses are personal data in the sense of data protection law;


• the collection of these addresses violates data protection law because it occurs without the consent of the concerned persons;


• the interest in the enforcement of IP rights does not justify the violation of data protection law: the interest of internet users in the protection of their personality rights (read: right to remain pseudo-anonymous) prevails over the interest of right owners to enforce their rights against them.

The German Supreme Court (BGH) had come to another conclusion in a decision of May 2010 (I ZR 121/08) and allowed a right owner to enforce its rights against the provider of an unsecured WIFI-spot based on data collected by Logistep (noted on IPKat here) - the BGH did not, however, explicitly rule on the Logistep business model.

According to this interview with a judge at the Landgericht Köln, in 2010 each month roughly 1,000 requests for the identification of persons behind IP addresses are filed with the Landgericht Köln, each one including 1,000 to 3,000 IP addresses. Which means that roughly, in a year at least 12 x 1,000 x 1,000 = 12 million persons in Germany are identified as illegal file sharers (it is possible that the same person is identified several times, because IP addresses assigned to end-users often change [dynamic IP address], but nonetheless, these numbers are staggering).

The Swiss decision will make it very difficult for copyright owners to enforce their rights in digital content in Switzerland; while it is formally binding only upon Logistep, it is hard to see how a court would decide differently if the right owners themselves collected the data.

The IPKat likes to announce that it remains the intellectual property Kat, not to be confused with the internet protocol Kat.