Eircom, which is the privately-owned former state telecoms monopoly, came to a settlement with the four major record labels EMI, Sony BMG, Warner and Universal when the companies sued it over its customers' file-sharing activities.
In the settlement Eircom agreed to operate the 'three strikes' disconnection policy advocated internationally by music labels and film studios. That deal has been scrutinised by the High Court in Ireland to ensure that its operation does not breach data protection laws.
The Data Protection Commissioner raised three issues in relation to the deal, questioning whether or not the use of internet protocol (IP) address information and monitoring of users' activities broke privacy laws.
The Court has said that on all three counts the deal is legal and can operate as planned.
The agreement covers a system in which software such as DetectNet identifies copyright-infringing activity and finds out which IP address unauthorised material is being sent to.
If that address relates to an Eircom account Eircom has agreed to write twice to the bill payer to inform them that copyright infringement has taken place and must stop. On a third occasion the internet access will be cut off.
The Court said that this activity did not break data protection laws because the record labels and DetectNet did not discover and were not interested in subscribers' identities. The information being processed did not count as 'personal data', it said.
"Neither DetectNet, or any similar service of detection, nor any of the [record labels] whose copyright material is being infringed would ever know through this process that the infringer is a particular person living in a particular place in Ireland," said Mr Justice Charleton in his ruling. "What they do know is that a particular IP address has been involved in the downloading."
"To be personal data, under the Act, the information has to identify a living individual from the data or from data in conjunction with other information in the possession of the data controller, or from other information that is likely to come into the possession of the data controller," said the judge.
"None of the [record labels] have any interest in personally identifying any living person who is infringing their copyright by means of the settlement and protocol. I do not regard it as at all likely that they will attempt in any way to use the IP address as supplied to them by DetectNet of those engaged in illegal downloading in order to find out their names and addresses," he said.
The Data Protection Commissioner also expressed concern to the Court that Eircom would be unlawfully interfering with basic rights if it disconnected households or businesses.
"[Does such processing] represent 'unwarranted [processing] by reasons of prejudice to the fundamental rights and freedoms or legitimate interests of the data subject'?" it asked.
The Court said that subscribers' contracts with Eircom stipulate that they do not use its services to infringe copyright, and that Eircom's behaviour is in line with Ireland's Data Protection Act.
"More than one of the conditions in [the Data Protection Act] is met as to both the legitimate interests of Eircom, as a responsible company, and that of the community in general," said the ruling. "The most important of those interests is that of abiding by the law. It is completely within the legitimate standing of Eircom to act, and to be seen to act, as a body which upholds the law and the Constitution. That is what the court expects of both individuals and companies."
Mr Justice Charleton said that it would be absurd to protect subscribers from action against their file-sharing activity in a way not available to copyright infringers in other contexts.
"I find it impossible to imagine that such interference is unwarranted because there is some fundamental right or freedom or legitimate interest in the data subject whereby, in contrast to those who engage in other forms of unlawful copyright theft which may leave them more readily subject to the law, the internet is used for the violation," he said. "There cannot be a right to infringe the constitutional rights of others, absent some argument as to a genuine and compelling competing right."
The Court finally addressed the Data Protection Commissioner's concerns that the processing by private organisations of data related to something that could be a criminal offence meant that the data became 'sensitive personal data' and therefore should not be processed in this way.
The Court said that this was not the case because neither Eircom nor the record labels were interested in criminal prosecutions and the software they use could not determine the 'intent' of the person behind the activity, a necessary element of a criminal act.
"In reality, no one is accusing anyone of an offence," said the ruling. "There is no issue as to anything beyond civil copyright infringement. To accuse them of the criminal offence it would have to be copyright infringement together with the mental element expressly required by the crime."