In its quest to identify the owner of a file-sharing site, Dutch anti-piracy group BREIN pressured one of the largest banks in the Netherlands to hand over his or her personal details. In a decision this morning the Amsterdam Court said that while BREIN has a responsibility to enforce copyright on behalf of its members, the bank has a greater responsibility to protect its customers’ privacy.
Founded way back in 2001, FTD grew to become the largest Usenet community in the Netherlands with around half a million members. The site indexed content on Usenet – typically movies, music and TV shows – via the ‘spots’ of its members.
This activity eventually caught the attention of Dutch anti-piracy group BREIN who labeled FTD a criminal operation. In February 2011 the Haarlem Court ruled that FTD provided a promotional venue for uploaders of infringing material and deemed the site to operate illegally. FTD was ordered to remove listings of copyrighted files and the operation soon disappeared.
With FTD gone and with a helpful ruling in hand, BREIN moved to positively identify the owner of another ‘spotting’ site called FTD World, a site offering similar services to the old FTD.
BREIN discovered a bank account with connections to the site and said that ING, one of the largest banks in the Netherlands, could provide the information it was looking for. Citing the Data Protection Act, ING refused to cooperate.
The case went to court and this morning a ruling was handed down. The Amsterdam Court decided that ING is not obliged to hand BREIN the personal details behind the bank account.
The Court recognized that BREIN has responsibilities to take action against those infringing the copyrights of its members but noted that ING has obligations to protect the privacy and interests of its customers. When balancing the two sets of needs, copyright enforcement versus banking privacy, the bank’s responsibilities come out on top.
“Under data protection law, you can only use personal information for proper and clearly defined legal goals. Using information for different goals requires an extraordinary interest that outweighs the privacy of the person involved,” Arnoud Engelfriet, a lawyer specializing in Internet law at the ICTRecht law firm, told TorrentFreak.
“The court says that because of the important position a bank plays in society, this is a really high bar to meet and BREIN has not met it.”
In its ruling the Court also noted that BREIN was not allowed to rely on case law which obliges ISPs and webhosts to hand over personal details in copyright cases. Since ING is a bank, it is in no position to understand the legal status of a website.
“While there is a relationship between an ISP or hosting provider and copyright infringement, there is no relationship between ING and copyright infringement,” the Court wrote.
BREIN was also informed by the Court that there were other avenues through which it could have obtained the information, but had failed to use them.
“BREIN had not contacted the Russian hosting provider, for example,” Engelfriet explains. “On the site, next to the bank account details, the name of the holder was given, but BREIN had not even called her to ask where the money went. BREIN said she was likely a ‘money mule’ so it would have been pointless to ask, but the court says you don’t know that till you try.”
Also, BREIN failed to back up its claims of criminal activity with an appropriate complaint to authorities.
“BREIN had not filed a police complaint even though it alleged the actions were a criminal offense (aiding & abetting copyright infringement). It should have done all that before starting this lawsuit,” Engelfriet concludes.
The anti-piracy group is disappointed with the ruling.
“This is not acceptable to us. Fraudsters and scammers can not trust that banks will not pass on their data,” said BREIN boss Tim Kuik.