Over the next few days, a public authority protecting citizens’ data privacy will carry out checks on the offices of music industry group IFPI and anti-piracy group Antipiratbyrån. Lawyers and a security specialist will conduct an audit to ensure they are handling information they hold on suspected file-sharers in the correct manner.
As the world heads deeper into the information age, it becomes increasingly critical that information held by organizations on private individuals is handled in a secure and responsible manner, and used only for limited purposes.
Taking the responsibility for ensuring this happens in Sweden is the Data Inspection Board, a public authority which can audit companies and organizations holding personal information.
The Board’s connections to file-sharing go back notably to 2005, when it ruled that the activities of the Swedish anti-piracy bureau (Antipiratbyrån) went against the Personal Data Act. It decided that since IP addresses can be tied to a specific person, only the government were allowed to store that type of information in criminal cases.
Since then Antipiratbyrån has appealed the decision twice and lost, but fortunately for them, an exception was made in the IPRED legislation which now allows organizations to collect data when it precedes a legal claim, i.e suing file-sharers.
However, while anti-piracy groups are allowed to collect data, they have to comply with a set of standards enforced by the Data Inspection Board. To this end, two lawyers and an IT security expert will today head to Antipiratbyrån’s offices in Stockholm to conduct an audit.
“We want to see how the records of suspected file sharers are being handled,” said Jonas Agnvall, a lawyer at the Data Inspection Board.
Part of the reason for the inspections is to check if the anti-piracy group has changed the way it handles information following the introduction of IPRED in April this year. The legislation was widely feared by Swedish file-sharers but thus far has only led to a single case, which was thrown out by the Appeal Court.
IFPI chief executive Lars Gustafsson offered assurances in September that law suits against suspected file-sharers were very close, but noted that his group were biding their time to see how the first IPRED case panned out. As you’ve just read, that case collapsed.
Although it has taken no action against file-sharers thus far, on Monday IFPI will get a similar Data Inspection Board audit, but according to comments made to SvD, the group says it holds no data, since it outsources the task to other organizations, most probably companies like Denmark’s DtecNet.