The Dutch Protection Rights Entertainment Industry Netherlands,
known as Brein, represents 52 media and entertainment companies and
was investigating 42 people suspected of swapping song files. In
order to obtain their IP addresses it hired a US company,
MediaSentry.
MediaSentry spots piracy by scanning P2P networks for data that
suggests infringing activity. It sent a collection of IP addresses
of suspected infringers to Brein which then asked five
ISPs – UPC,
Essent, Tiscali, Wanadoo and KPN – for the identities of the
file-swappers. But the ISPs refused to reveal the names.
Brein took its case to the civil court in Utrecht.
The judge, who acknowledged that he had the power to demand that
the data be handed over by the ISPs, denied the request. His
reasoning centred on the fact that Brein had used a US intermediary
to collect the IP addresses.
The EU has a strict regime of data protection that is not shared
by the US. But to facilitate flows of personal data between EU
countries and the US, companies can sign up to a so-called "Safe
Harbor" framework. The framework is voluntary but by certifying to
the Safe Harbor, US companies will given an assurance of "adequate"
privacy protection.
The Dutch court was critical of the fact that Brein had employed
MediaSentry to find the IP addresses of the suspected file-sharers.
It noted that MediaSentry had not signed up to the Safe Harbor
framework. The judge said that "privacy is insufficiently protected
in the United States".
Also, in looking for the IP addresses, MediaSentry's software
scans all the content of the shared folder on the suspect's hard
disk. In that process, the judge observed, "it may have accessed
private files."
Since neither Brein nor MediaSentry could prove that no private
files had been accessed during the trawl of shared files, the case
was dismissed.
Brein has advised that it will appeal.
