Dutch anti-piracy group BREIN collects IP addresses of persistent pirates and asks the associated ISPs to forward warnings to these subscribers. The Netherlands' largest ISP, Ziggo, refused to do so due to privacy concerns. This week, a local court agreed that ISPs indeed need a separate data processing license to forward BREIN's warning letters.

justiceWhen it comes to civil anti-piracy enforcement, BREIN is without a doubt one of the best-known players in the industry.

The group, which receives support from Hollywood and other content industries, has shuttered hundreds of sites and services in recent history.

BREIN has also targeted several prolific BitTorrent uploaders over the years, with success. However, tracking down and going after individual file-sharers is quite resource-intensive and the anti-piracy group aims to cast its net wider.

Sending Warning Letters Pirates
To expand its reach, the group previously obtained permission from the Dutch Data Protection Authority to track and store the personal data of alleged BitTorrent pirates. This request was granted and roughly a year ago BREIN announced the start of its mass warning campaign.

Unlike other copyright enforcement groups, BREIN is not interested in casual pirates. Instead, it focuses on the bigger fish and asks Internet providers to forward a warning to these subscribers.

This sounds like a balanced approach which would be relatively easy to pull off in the United States and other countries where forwarding piracy notices is standard procedure. In the Netherlands, however, this isn’t straightforward at all.

Ziggo Refuses to Forward
When BREIN sent its warnings to the country’s largest ISP Ziggo, the company refused to forward the warnings to its subscribers. According to Ziggo, linking IP addresses to specific subscribers raises serious privacy concerns, even if the personal information isn’t shared with BREIN.

BREIN was disappointed with this response and it took the matter to court. The group hoped to get the green light, but the Utrecht court decided otherwise.

After hearing the arguments from both sides, the court sees no reason to conclude that BREIN’s warning program is too broad as Ziggo argued. However, the privacy concerns are legitimate.

Dutch privacy law is based on the European GDPR which has strict rules covering how and when personal information can be processed. In this case, that information is tied to potential illegal activity, which means that even stricter guidelines apply.

Court: Ziggo Needs a License
This isn’t a problem for BREIN, which already has a license to process the information. However, the court concludes that if Ziggo matches IP addresses to subscriber accounts in order to forward the warnings, it also needs a license.

At the moment, Ziggo doesn’t have permission from the Dutch Data Protection Authority to process these data so the ISP is not required to forward BREIN’s warnings.

“BREIN and Ziggo are both responsible for processing the data and therefore they must both comply with all the rules of the GDPR. BREIN complies but Ziggo doesn’t,” the court explains in a press release.

“Ziggo can only link the IP addresses to the name and address details and forward the warning letters from BREIN if it has that permit.”

Appeal
The ruling is a setback for BREIN which has worked on the warning system for many years. However, the anti-piracy group is not giving up and states that Ziggo is acting unlawfully if it does not apply for a license.

BREIN adds that, even without a license, it should be possible for ISPs to forward notices. The anti-piracy group plans to make this case during its appeal, which it announced immediately.

“We believe that the GDPR does provide room for forwarding copyright infringement warnings without having to apply for a license,” BREIN director Tim Kuik says.