The good folks at Out-Law.com spell out a recent European Court of Justice ruling:
The Data Retention Directive does not contain terms that prevent internet protocol (IP) addresses that ISPs must store under the terms of the law from being used by rights holders in civil legal proceedings to identify alleged copyright infringers, the Court said.
It said that other EU laws on privacy and electronic communications (e-Privacy Directive) and the enforcement of intellectual property rights (IPR Directive) read together allow member states to form national laws that provide a means for rights holders to obtain disclosure of personal data about alleged illegal file-sharers subject to the condition that courts in those countries can determine the legitimacy of disclosure on a case-by-case basis.
Read more on Out-Law.com.
If I’m understanding their analysis, a country (member state) can choose not to enact law that would require ISPs to turn over information in such disputes, but if it does enact such legislation permitting it, there has to be protection of the user’s rights so that the court considers the matter on a case-by-case basis. No big John Does 1-2 million type cases there, then? Or have I misunderstood the ruling?
So much for “to combat terrorism and other serious offenses” function creep much?