High Court Quashes Data Protection Commissioner's Objection To Graduated Response System

Author:Mr Alistair Payne and Gerard Kelly
Profession:Matheson Ormsby Prentice

On 27 June 2012, Mr Justice Charleton gave his decision in the judicial review action taken by the Irish recording companies to prevent the graduated response system (GRS) agreed with eircom, the largest ISP in Ireland, being shut down as illegal. The decision quashed the Data Protection Commissioner's (DPC's) objections on administrative grounds, ie, inadequacy of reasons, but for now at least the decision permits the continuation of the GRS as one way of combating online copyright infringements in Ireland.

The DPC issued an Enforcement Notice on 11 January 2012 requiring that eircom discontinue the GRS following a subscriber complaint. The subscriber in question was wrongly notified of a copyright infringement on his account due to an error by eircom in correlating the dynamic IP address used in the copyright infringement with the correct customer account as eircom had failed to change its clocks back one hour for winter time. This led to 391 incorrect copyright infringement notices or "strikes" being sent to subscribers.

Eircom had agreed to implement the GRS, or in this case "4 strikes" policy, as part of a settlement back in 2009 when the recording companies sought an injunction against eircom from the Commercial Court requiring it to stop copyright infringement on its network. Similar proceedings were issued the same year against UPC seeking an injunction that UPC, amongst other things, adopt a GRS. MOP successfully defended UPC in those proceedings.

Mr Justice Charleton had in April 2010 given a decision at the request of the recording companies that the GRS adopted by eircom was compliant with data protection law. The DPC had entered into correspondence with the relevant parties prior to this earlier decision expressing a contrary opinion but did not take part in the court proceedings. The DPC claimed in the more recent proceedings that the law had changed since April 2010 and the issue of compliance of the GRS with data protection and privacy laws must be revisited.

The Enforcement Notice stated, amongst other grounds, that eircom was breaching data protection law by (i) surveilling traffic data and not erasing it when it was no longer needed, and (ii) processing personal data in a manner incompatible with which it was obtained and without the proper and informed consent of subscribers. It was also stated that eircom had failed to process data accurately referring to the notices being sent to the wrong subscribers on foot of the...

To continue reading