The recent Federal Court of Canada decision in Voltage Pictures LLC v. John Doe and Jane Doe (2014 FC 161) has already received considerable attention for its approach to deterring so-called “copyright trolls”: plaintiffs with “improper motives” who file multitudes of infringement lawsuits to extort quick settlements. While less headline-worthy, the decision is also important for its practical approach to weighing copyright against privacy rights. The central question was: are individuals who are suspected of engaging in illegal P2P downloading entitled to expect that their ISP will shield their identity from the copyright owner?
In the result, the Court ordered Ontario-based ISP TekSavvy to disclose the names and addresses of some 2,000 subscribers suspected of unauthorized copying and sharing of Voltage’s movies, including The Hurt Locker. To arrive at this result, the Court had to balance two competing rights that are sometimes considered to be “proprietary” by those who assert them: copyright and privacy.
The Court’s legal balancing act engaged provisions of the Copyright Act and the Personal Information Protection and Electronic Documents Act (PIPEDA). On the copyright side, the provisions at issue were sections 35 and 38, which the Court characterized as “a complete code for the recovery of damages for copyright infringement”. Under the 2012 amendments to the Copyright Act, statutory damages for infringement range from $100 to $5000. On the privacy side, the Court considered subsection 7(3) of PIPEDA, which (among other things) permits an organization to disclose personal information without knowledge or consent where the disclosure is required to comply with a court order or otherwise required by law.
The Court addressed the issues in two parts. First, it determined that the plaintiff Voltage had established a bona fide claim, and that enforcement of its rights as a copyright holder outweighed the privacy interests of the subscribers. Second, the Court considered how to ensure that privacy rights would be “invaded” as little as possible in the circumstances. To do this, the Court considered case law in the United Kingdom and the United States. One of the Court’s observations was that
[w]ith respect to privacy concerns, the cases in both jurisdictions suggest that such issues are of secondary importance as the law generally does not shield wrongdoing for reasons of privacy.
The Court concluded that it should give consideration to principles gleaned from Canadian cases, notably, the P2P file-sharing case BMG Canada Inc. v. Doe (2005 FCA 193), as well as cases from the U.S. and UK:
to weigh and balance the privacy rights of potentially innocent users of the internet versus the right of copyright holders to enforce their rights. The Court ought to balance these rights in assessing the remedy to be granted.
Having determined that an order would be made to obtain subscriber contact information, the Court “built in” important qualifications “to protect or minimize the invasion of the privacy interests of internet users”. Therefore, the order provides that:
disclosure is limited to the names and addresses associated with IP numbers (and not telephone numbers or email addresses);
the released information will remain confidential and may be used only in connection with the claims in the present action; and
the plaintiff may not disclose any of the information obtained to the general public by making or issuing a media statement.
For an interesting counterpoint on the balance between disclosure and privacy for ISP subscribers, see also our earlier post, The Fake Facebook Profile and the Veiled Victim.