Tuesday 28 September 2010

ACS Law, Party Babes and the Information Commissioner: Here’s What’s Happening

ACS Law is a London-based law firm specializing in file-sharing infringement cases. The firm’s practice includes acting for copyright holders, whom the firm advises on legal action against individuals allegedly guilty of unlicensed file sharing.

ACS Claim Process

Typically, the story begins with an individual receiving a letter from ACS Law alleging that a file belonging to ACS’ client has been illegally downloaded (the file is usually pornographic; the cases we have seen refer to “Party Babes”). ACS’ letter states that ACS has used a court order to oblige the relevant ISP to reveal the IP address to which the file was downloaded. The letter then identifies the individual as the owner of the IP address, claims that the owner has infringed ACS Law’s client’s copyright and points out the legal consequences. Letters that we have seen and advised upon contain a settlement offer, whereby in return for a sum (typically around £495) ACS’ client will drop the claim.

ACS has allegedly sent claim letters to thousands of people. Concerns have been raised that many individuals may be mistakenly accused, particularly given the fact that ACS’ case typically relies on identifying an individual via an IP address. An IP address may be used by someone other than the individual to whom the IP address relates, either by someone using the individual’s computer, or by third party access to the IP address via an unsecured wifi connection or a virus. Websites have been set up to offer assistance to genuinely innocent individuals, such as http://beingthreatened.yolasite.com/.

Concerns have grown into outcry on numerous sites and forums, with ACS Law apparently being scrutinized by the Solicitors Regulation Authority. Concerns turned into a full-blown attack on ACS Law when hackers obtained details from ACS’ website of over 5,300 individuals the firm was pursuing for unlicensed filesharing.

Data Breach

The disclosure of the details of the individuals’ data, if it contained personal data, would potentially be a breach by ACS of UK data protection legislation: the Seventh Principle of the Data Protection Act 1998 requires that “appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data”.

The UK’s data protection watchdog, the Information Commissioner, has already expressed his concern about the situation (see interview here), and will want to establish whether ACS had put in place appropriate measures to prevent such disclosure. The Information Commissioner has the power to fine any organisation that breaches the data protection laws up to £500,000. The gravity of this situation, including in particular details of pornography allegedly downloaded by the individuals whose data has been disclosed, means that the ICO will take a particular interest in this case.

Defence

Ultimately, ACS may rely on an argument that the law firm had done everything appropriate and that even the best IT defence can’t protect against a determined hacker. This would be ironic, since many of the denials received by ACS from alleged file infringers rely on exactly the same defence.

By Rory Campbell

Thursday 2 September 2010

Germany's Facebook Ban

Last week the German government backed a draft bill limiting the use of Facebook by employers when hiring new staff. The proposed legislation will still allow employers to consult other social websites that make job information and networking public, such as LinkedIn or Xing. However, if an employer were to “befriend” an employee or hack into their account to access private data, with the intention to use the information against them, the employer could expect a fine of up to €300,000.

This development comes off the back of a number of workplace scandals that have recently surfaced. Deutsche Telekom (telecommunications company), Deutsche Bahn (national railway) and Lidl (retailer) are amongst the highest profile employers involved. The bill still faces a final debate and vote in parliament, but there is speculation that it will become law as early as this year.

One issue envisaged with the new proposed law is the difficulty in enforcing it. For example, it will be difficult for any employee to prove that personal information from their page on any private social network has made its way into hiring files.

The bill marks the increasing growth of German government control of data privacy. The same bill plans to restrict video recording of employees in places where they are not made aware of such use, despite arguments from opponents claiming that the proposal will affect anti-theft measures and employee corruption.

Separately, the German Data Protection Authority is investigating Google Street View for issues of privacy and allegations of collecting unencrypted wifi data. Google have said that this was a mistake and have stopped this process. Google have also introduced tools for German residents to opt out of their property being displayed on the street image software. Meanwhile, German authorities are also testing Apple on their data collection policies for devices like the iPhone.

The proposed bill for Germany seems to be welcomed amongst politicians. Up until now there has been no such legislation regulating social networking websites in this way. It is hoped that it will provide future guidance for courts in the growing number of cases involving networks such as Facebook. It is unknown at this stage whether the UK is soon to follow in Germany's legislative steps.


This blog was largely contributed by Nicola Mallon, whose copyright and moral rights in the blog are asserted. Many thanks to Nicola from everybody at Forde Campbell.