Oct 2, 2023 2 min read

EU Advocate General says anti-piracy policy can access IP addresses without breaching data law

EU Advocate General Maciej Szpunar has said that entities fighting online piracy should be able to access the IP addresses of suspected copyright infringers without violating data protection laws

EU Advocate General says anti-piracy policy can access IP addresses without breaching data law

The Advocate General of the European Union, Maciej Szpunar, last week reaffirmed his position that, under EU law, data linked to the IP address of an internet user may be accessed and stored by an authority seeking to stop online copyright infringement.

That position has been stated as part of an ongoing debate about how to balance laws that seek to protect privacy with those that seek to prevent piracy, which was instigated when concerns were expressed about the work of the French anti-piracy agency Hadopi.

The passing of the anti-piracy laws that created the Hadopi agency back in 2009 was controversial at the time, although the most controversial element - allowing the internet access of repeat infringers to be suspended - was abolished a few years later.

In order to send warning letters to - and pursue legal proceedings against - people who upload, download and generally share copyright-protected content online without licence, entities like Hadopi need internet service providers to reveal the identities of individuals connected to IP addresses where alleged piracy is occurring.

Some have raised privacy and data protection concerns about such information being made available to copyright owners or anti-piracy agencies. In the context of Hadopi, that led to some claiming that the French anti-piracy programme breached EU data protection laws.

Along the way, France's Council Of State sought clarity from the EU Court Of Justice. Szpunar actually provided an opinion on this debate a year ago, but there have been additional hearings on this issue in the court since then.

Having considered the subsequent discussions, Szpunar confirmed last week that he still "takes the view that EU law does not preclude providers of electronic communications services from being required to retain IP addresses and corresponding civil identity data and does not preclude an administrative authority responsible for protecting copyright against infringements of those rights committed on the internet from obtaining access to such addresses and data".

Such an authority having access to that data "does not make it possible to draw precise conclusions about the private life of the person presumed to have infringed copyright". And getting such data is "the only means of investigation that make possible the identification of the person to whom that address was assigned at the time when the infringement was committed".

Szpunar's conclusion on all this is not binding, but is very influential. The judges of the EU court will now make a final decision informed by what Szpunar concluded last week.

Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to CMU.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.
Privacy Policy