nick at foobar
Jun 1, 2011, 5:25 AM
Post #8 of 11
On 01/06/2011 07:09, Brian E Carpenter wrote:
> That's why anonymised traces are common. However, the informed legal opinion
> may not apply to cases where IP addresses cannot be tied to individuals.
This isn't really relevant to ipv6, but...
It's a difficult area. On the one hand, there is a EU working group
opinion (I don't have the reference for this right now) to the effect that
the combination of IP addresses and timestamps unquestionably constitutes
personally identifiable information as defined in the data protection
directives. While this interpretation is not legally binding in any way,
it's the sort of thing that would be given very serious consideration by a
court of law.
On the other hand, there was an analysis of the situation in the High Court
in Ireland in 2009 (as part of the well-known EMI & Others vs Eircom case),
which for the purposes of that case concluded that IP addresses and
timestamps of were certainly personally identifiable information when
linked to a customer database, but perhaps not in other cases. E.g. they
would be personally identifiable information for an ISP, but so long as
there was no feedback from the ISP about the user of the address at the
time, not for a third party company which was in the business of collecting
information about potential criminal copyright ingringement. While this
was unreported, the opinion was echoed in the EMI&Ors vs UPC case in 2010,
where Justice Peter Charleton noted:
I find it impossible to recognise as a matter of constitutional law, that
the protection of the entitlement to be left in the sphere of private
communications could ever extend to conversations, emails, letters,
phonecalls or any other communication designed to further a criminal
enterprise. Criminals leave the private sphere when they infringe the
rights of other, or conspire in that respect.
In the case of internet file sharing to infringe copyright, I am of the
view that there are no privacy or data protection implications to detecting
unauthorised downloads of copyright material using peer-to-peer technology.
So once you conspire to commit a crime, you leave behind some of your
rights, including certain rights to data protection.
Outside this, while I'm not aware of any specific judgements which
categorically declare IP addresses and timestamps to be personally
identifiable information, my recollection of the 2009 hearing left me with
the very strong impression that this was extremely delicate ground to tread
on, and that legal judgement could easily go one way or the other in the