In 2009, four movie studios represented by anti-piracy group Antipiratbyrån applied to the Södertörn District Court in a move designed to force ISP TeliaSonera to hand over the identity of a BitTorrent site operator.
Later that year the Court announced its decision in favor of the anti-piracy group and ordered TeliaSonera to hand over the personal details of the person alleged to be behind the SweTorrents tracker.
TeliaSonera launched an appeal against the decision but in May 2010 the Court of Appeal upheld the District Court’s ruling. Failure to comply with this decision would result in a 750,000 kronor ($109,000) fine. Nevertheless, TeliaSonera were not prepared to accept the decision and immediately appealed and took the case to the highest court in the land.
Sweden’s Supreme Court has now ruled that the final decision in the case lies with the European Court in Luxembourg, a decision that might take several years to arrive.
The root of the complexity in this case lies with Sweden’s IPRED legislation. Both Antipiratbyrån and the lower courts believe that ISPs have an obligation to hand over to rightsholders identities of customers implicated in copyright infringement cases.
On the other hand, TeliaSonera insists that all ISPs have a long-standing and fundamental obligation to protect customer privacy which precedes the introduction of IPRED, while noting conflicts between IPRED and the EU data retention directive which has not yet been implemented in Swedish law.
The introduction of IPRED was expected to make it easier to track down file-sharers, but thus far the opposite is true at some ISPs. Since there is nothing in the country’s Electronic Communications Law that instructs ISPs to store information about the IP addresses they allocate to their customers, some ISPs have stopped storing this data to protect the privacy of their customers.
The decision by the European Court in the SweTorrents case is likely to be some time coming, and in the meantime ISPs will be free to continue deleting data, at least until the data-retention directive ‘loophole’ is closed.