Swiss court rules that IP address collecting software is illegal

By EDRi · September 22, 2010

This article is also available in:
Deutsch: [Schweizer Gericht erklärt die Sammlung von IP Adressen für unzulässig | http://www.unwatched.org/node/2202]

The Swiss Federal Court overturned on 8 September 2010 a previous
court decision and ruled that the software identifying IP addresses of
alleged unauthorised music uploaders was infringing the data protection law.

Switzerland-based anti-piracy company Logistep has used software to collect
IP addresses from P2P users, seeking for alleged copyright infringers and
passing on the addresses to rights holders. The company has thus provided,
in the last years, evidence used in lawsuits against individuals accused of
copyright infringement. Most of these lawsuits took place is Germany and the
UK, but similar techniques have been recently used by rights holders against
BitTorrent downloaders in the US.

Although Switzerland is not part of the EU and therefore not bound to
observe the Data Protection Directive, the Swiss Federal Court considered IP
addresses as personal data. The court backed up the country’s data
commissioner who, in 2008, said that Logistep violated Switzerland’s Data
Protection Act when it used the software and asked the company to
cease probing peer-to-peer networks without a legal basis.

In its decision, the Federal Supreme Court has established a clear boundary
against the arbitrary probing of personal privacy on the Internet. Logistep
will therefore no longer be able to collect IP addresses without the
authorization of the persons affected by the action and therefore will
be unable to pass on allegedly copyright infringing addresses to rights
holders to sue file sharers.

Richard Schneider of Logistep stated that his company’s work was legal in
other European countries and that the company might leave Switzerland.
In his opinion, the Swiss court’s decision could lead to “a massive and
uncontrolled illegal distribution of copyright-protected content in
Switzerland, a sort of legal limbo”.

In France, CNIL (Commission Nationale de l’Informatique et des Libertés-
French Data Protection Authority) has authorised four collective societies
to collect IP data, that will later be used in the application of the three
strikes (HADOPI) law. However CNIL’s report notes that there is no
control on the software produced by the French company that collects IP
addresses, which leads to an almost automatic and blind sanction from Hadopi
authority.

Swiss court rules IP address-tracing software breached data protection law
(10.09.2010)
http://www.out-law.com:80//default.aspx?page=11364

Court: Logistep Can’t Collect P2P Users’ IP Addresses (8.09.2010)
http://newteevee.com/2010/09/08/court-logistep-cant-collect-p2p-users-ip-addresses/

Federal Supreme Court decision regarding Logistep AG (9.09.2010)
http://www.edoeb.admin.ch/aktuell/01688/index.html?lang=en

HADOPI : CNIL denounced the absence of TMG control! (only in French,
20.09.2010)
http://www.numerama.com/magazine/16826-hadopi-la-cnil-avait-denonce-l-absence-de-controle-de-tmg.html

CNIL Report related to Hadopi law (10.06.2010)
http://www.pcinpact.com/media/rapport-sprd-hadopi-pour-transmission.doc