For a while there has been one pair of contradictory answers to the question of whether an IP address was personal data. Two different German courts were asked about addresses in the log of a web server: one said that was personal data, the other said it wasn’t.
Now we seem to have another pair. A few months ago a court in Ireland was asked to rule on whether an agency was processing personal data when it examined traffic on a network, identified copyrighted files and reported them, with the originating IP address, to the relevant ISP. The Irish court said that it wasn’t (case: EMI Records & Others -v- Eircom Ltd [2010] IEHC 108). Now a Swiss court has been asked the same question and has decided, on the contrary, that the agency is processing personal data, that it has no legal grounds for doing so and must therefore stop its activities (report on NewTeeVee). Switzerland (not part of the EC) has its own privacy law, so perhaps this difference isn’t surprising, though in fact the Swiss definition of personal data – “all information relating to an identified or identifiable person” – looks pretty similar to the European one.
But what puzzles me is that, particularly in the copyright enforcement cases, the courts seem to be asking the wrong question. Both Swiss and EC law allow personal data to be processed without the user’s consent if the processing is “in the legitimate interests of a natural or legal person, provided that the interests or the rights and freedoms of the data subject are not overriding” (Recital 30 of Directive 95/46/EC). Enforcing copyright is clearly in the interests of the rightsholder (a legal person), so the courts could instead have looked at whether or not those interests were overridden by the rights and freedoms of the individual user. That sort of discussion seems to me much more likely to produce a satisfactory and consistent (or at least justifiably inconsistent) outcome and a useful guide to how to approach a lot of other privacy questions. Unfortunately it seems to be a discussion that isn’t taking place at the moment (unless you know differently, of course).
