Switzerland’s highest court has ruled in favour of people’s privacy in a case where a firm was sharing computer IP addresses to combat internet piracy.
The Federal Court ruled on Tuesday that the firm Logistep acted illegally in collecting IP addresses and sharing them with copyright holders with a view to tracking down people who illegally upload and download film, music and games.
The court accepted the case, brought by the Swiss Office of the Federal Data Protection and Information Commissioner, and ruled that Logistep could no longer collect and share data.
The decision overturns a 2009 ruling by the Federal Administrative Court which found that in the case of Logistep, the end had justified the means.
In Tuesday’s decision, the Federal Court noted that that it did not want to be seen to be protecting pirates, but said a legal basis was necessary if the process practised by Logistep was to be allowed. There currently is no such law in Switzerland.
Logistep said it accepted the decision but promptly announced it would be relocating to Germany. Richard Schneider, of the firm’s board of directors, told swissinfo.ch that the work of Logistep was recognised in many other countries including the United States, Britain and France.
“The decision of the Swiss Federal Court damages the interests of film, music and game copyright holders, and has nullified many years of efforts - not only in Switzerland, but also in other countries - by copyright holders against the theft of music, movies, software, games, e-books, e-papers and other intellectual property over the internet.”
He added: “What’s needed is a concerted effort from those involved for the application of intellectual property rights in Swiss public life. This is vital in order to correct the misguided views many people have regarding internet piracy.”
Grounded in law
The Office of the Federal Data Protection and Information Commissioner commented that the decision confirmed that IP addresses counted as personal data and as such fall under data protection law.
“Of the many IP addresses being searched, only a very small group usually are pirates. Our aim was the protection of all those users who are not pirating anything,” said spokeswoman Eliane Schmid.
“What I want to underline, though, is we are not protecting internet pirates and this decision does not protect people who upload or download content illegally. But the search for pirates must be based on the law.”
How the decision will impact on other firms like Logistep operating in Switzerland remains to be seen, once the written ruling has been issued, the data protection office says.
Also unclear is how to respond to and coordinate the different country laws governing such issues.
The future of internet privacy and global cooperation will be among the subjects debated next week at an international conference in Lithuania, organised by the Internet Governing Forum, which works with the United Nations in carrying out a mandate on internet governance set by the World Summit on the Information Society.
The forum says on its website: “Since the internet is a pervasive global medium, neither security, nor openness, nor privacy can be fully realised unless there is strong and general global cooperation in the legal arena.”
According to Alexander Hanff of the non-governmental organisation Privacy International, there is a desire from most of the developed world to form “cohesive, international frameworks”, as evidenced for example in international events dedicated to privacy and data protection at every level from civil society, industry and national regulators.
But he remains cautious about finding common ground anytime soon. “We are still a long way from developing such a framework and often the bar is set too low in order to aid markets or on the basis of a misconceived opinion that privacy impedes national security.”
“But that said, we live in hope and that hope drives us to continue our work; the last ten years have seen far more exposure and awareness raising to the point where we are now at one of the most important crossroads we have ever faced with regards to privacy. Policy developed now will impact generations to come.”
“Data protection commissioners are working together internationally, but laws are still national, not just data protection laws. It is a problem that we face, seeing as the internet is a worldwide medium and all our laws are regional and national ones,” added Schmid of the data protection commision.
“It is certainly something society will have to deal with in the coming years and decades. There will have to be some kind of intensified cooperation.”
The Federal Data Protection and Information Commissioner’s duties involve supervising federal and private bodies and advising the authorities in the field of data protection.
The commission was set up in 1993. It can appeal an order by ministries or the chancellery if its recommendation is rejected.
Following a 2006 legal reform more transparency is required in the processing of personal data.
In June, the office backed legal amendments to put the onus on service providers to offer better protection of privacy for its customers. Users should be given a choice to “opt in” to share their information, rather than “opt out”.
Those who forego the safeguard would have to inform the provider personally. At the moment the onus is the other way round. A user who wishes not to disclose personal data has to find his way through a complex set of conditions which are also subject to frequent changes, says the data protection office.
Resolutions for global internet governance
The UN General Assembly Resolution 56/183 (21 December 2001) endorsed the holding of the World Summit on the Information Society in two phases. The first phase took place in Geneva 2003 and the second phase took place in Tunis in 2005.
The first phase aimed to develop and foster a clear statement of political will and take concrete steps to establish the foundations for an Information Society for all, reflecting all the different interests at stake. A Geneva Declaration of Principles and Geneva Plan of Action were adopted.
The second phase was to put Geneva's Plan of Action into motion as well as to find solutions and reach agreements in the fields of internet governance, financing mechanisms, and follow-up and implementation of the Geneva and Tunis documents.
The Tunis Commitment and Tunis Agenda for the Information Society were adopted on 18 November 2005. More than 19,000 participants from 174 countries attended the Summit and related events.
In 2006, UNGIS (the United Nations Group on the Information Society) was endorsed by the UN-Chief Executives Board as the new inter-agency mechanism with the main objective to coordinate substantive and policy issues facing the UN’s implementation of the outcomes of the World Summit on the Information Society .
The Geneva-based Internet Governing Forum also works with the United Nations in carrying out the mandate from the World Summit on the Information Society.