On Tuesday of this week, four major music companies issued judicial review proceedings seeking to quash an enforcement notice of the Data Protection Commissioner (the DPC).
The four companies, EMI Records (Ireland) Ltd, Sony Music Entertainment Ireland Ltd, Universal Music Ireland Ltd and Warner Music Ireland Ltd, fear that the DPC’s notice will bring an end to their “three strikes” agreement with eircom (see a previous post on this here).
The companies believe that the enforcement notice of 5 December 2011, which effectively directs eircom to cease the implementation of its three strikes policy, amounts to an unlawful attempt by the DPC to reopen data protection issues already determined by the High Court in its decision in EMI Records& Ors –v- Eircom Ltd (the DPC was not a party to these proceedings).
The challenge arises out of the fact that data protection concerns, raised by the DPC, relating to the three strikes procedure being implemented by eircom were previously declared to be in compliance with data protection legislation by Mr. Justice Charlton in his judgment in the EMI Records& Ors –v- Eircom Ltd case.
Despite the ruling of Mr Justice Charlton, the DPC, in November 2011, informed eircom of his belief that the three strikes procedure was not in compliance with data protection legislation. This was followed by the issuing of the enforcement notice requiring eircom to cease obtaining subscriber data in order to operate the procedure.
As such, the music companies claim that the DPC has operated in excess of his powers and are seeking to have the enforcement notice quashed.
However, it is noteworthy that there have been a number of Opinions released by the European Commission since the EMI Records& Ors –v- Eircom Ltd case, which will be of relevance in this particular space. In particular the Opinion of the European Data Protection Supervisor on net neutrality, traffic management and the protection of privacy and personal data published in February 2012 will no doubt be of relevance. Although this Opinion is not directly on point, it recognises that:
“…when ISPs inspect communication data in order to differentiate each communication flow and to apply specific policies, which may be unfavourable to individuals, the implications are more significant. Depending on the circumstances of each case and on the type of analysis performed, the processing may be highly intrusive for an individual’s privacy and personal data.”
Certainly, this area continues to attract controversy and discussion at both national and European level and this case will be “one to watch”. We will be sure to post further updates as the case progresses.