This article is also available in:
Deutsch: Schweizer Gericht erklärt die Sammlung von IP Adressen für unzuläss...
The Swiss Federal Court overturned on 8 September 2010 a previous court decision and ruled that the software identifying IP addresses of alleged unauthorised music uploaders was infringing the data protection law.
Switzerland-based anti-piracy company Logistep has used software to collect IP addresses from P2P users, seeking for alleged copyright infringers and passing on the addresses to rights holders. The company has thus provided, in the last years, evidence used in lawsuits against individuals accused of copyright infringement. Most of these lawsuits took place is Germany and the UK, but similar techniques have been recently used by rights holders against BitTorrent downloaders in the US.
Although Switzerland is not part of the EU and therefore not bound to observe the Data Protection Directive, the Swiss Federal Court considered IP addresses as personal data. The court backed up the country's data commissioner who, in 2008, said that Logistep violated Switzerland's Data Protection Act when it used the software and asked the company to cease probing peer-to-peer networks without a legal basis.
In its decision, the Federal Supreme Court has established a clear boundary against the arbitrary probing of personal privacy on the Internet. Logistep will therefore no longer be able to collect IP addresses without the authorization of the persons affected by the action and therefore will be unable to pass on allegedly copyright infringing addresses to rights holders to sue file sharers.
Richard Schneider of Logistep stated that his company's work was legal in other European countries and that the company might leave Switzerland. In his opinion, the Swiss court's decision could lead to "a massive and uncontrolled illegal distribution of copyright-protected content in Switzerland, a sort of legal limbo".
In France, CNIL (Commission Nationale de l'Informatique et des Libertés- French Data Protection Authority) has authorised four collective societies to collect IP data, that will later be used in the application of the three strikes (HADOPI) law. However CNIL's report notes that there is no control on the software produced by the French company that collects IP addresses, which leads to an almost automatic and blind sanction from Hadopi authority.
Swiss court rules IP address-tracing software breached data protection law
(10.09.2010)
http://www.out-law.com:80//default.aspx?page=11364
Court: Logistep Can't Collect P2P Users' IP Addresses (8.09.2010)
http://newteevee.com/2010/09/08/court-logistep-cant-collect-p2p-users-...
Federal Supreme Court decision regarding Logistep AG (9.09.2010)
http://www.edoeb.admin.ch/aktuell/01688/index.html?lang=en
HADOPI : CNIL denounced the absence of TMG control! (only in French,
20.09.2010)
http://www.numerama.com/magazine/16826-hadopi-la-cnil-avait-denonce-l-...
CNIL Report related to Hadopi law (10.06.2010)
http://www.pcinpact.com/media/rapport-sprd-hadopi-pour-transmission.do...