On Monday, May 16, 2016, the Supreme Court of the United States issued its highly anticipated opinion in Spokeo, Inc. v. Robins, a case that examined the question of whether a plaintiff who ...25 May 2016
Second Circuit Rules Anonymity of Internet Users Not Protected by First Amendment
Thanks to Eric Bukstein in the Hogan Lovells privacy group for providing this report.
On May 3, 2010, in Arista Records v. Doe 3, a Second Circuit panel issued an opinion finding that an Internet user’s right to remain anonymous is not sufficient to prevent an ISP from revealing his identity in a copyright infringement dispute. The court held that a record label may subpoena information about Internet users connected to IP addresses if there is sufficient evidence that the IP addresses had been used to illegally share music.
A group of record labels had evidence suggesting that specific IP addresses connected with the State University of New York at Albany (“SUNYA”) had been used to infringe on the record labels’ copyrights by sharing music on peer-to-peer networks. The record companies subpoenaed SUNYA for disclosure of the names and contact information of the individuals associated with the IP addresses. After being notified of the subpoena by SUNYA, the defendant moved to quash the subpoena, arguing that “the First Amendment affords a qualified right to use the Internet anonymously.” In the district court, both a magistrate judge and a district judge both rejected this argument and refused to quash the subpoena.
In affirming, the Second Circuit held that “to the extent that anonymity is used to mask copyright infringement or to facilitate such infringement by other persons, it is unprotected by the First Amendment.” The court adopted a five-factor test set forth in a different case by the U.S. District Court for the Southern District of New York to determine whether an Internet user’s right to anonymity requires that a subpoena be quashed. These factors are:
(1) [the] concrete[ness of the plaintiff’s] showing of a prima facie claim of actionable harm, . . . (2) [the] specificity of the discovery request, . . . (3) the absence of alternative means to obtain the subpoenaed information, . . . (4) [the] need for subpoenaed information to advance the claim, . . . and (5) the [objecting] party’s expectation of privacy.
Sony Music Entertainment Inc. v. Does 1-40, 326 F.Supp.2d 556 (S.D.N.Y. 2004). The court found that all five factors weighed against the defendant and his right to anonymity.
The court also dismissed the defendant’s arguments that the record labels should be required to meet a heightened pleading standard in order to compel the identification of anonymous Internet users. The court held that the facts in the complaint were sufficient to state plausible copyright infringement claims, and this was sufficient to compel SUNYA to reveal the defendant’s identity.
This opinion follows several other cases recently discussed in the Chronicle of Data Protection in which courts addressed whether an ISP is required to disclose the identities of Internet users.
Last August, in Cohen v. Google, a New York court granted a motion forcing Google to reveal the identity of an anonymous blog poster who had allegedly defamed a Manhattan-based model on a blog entitled “Skanks of NYC.” Also last August, in Solers, Inc. v. Doe, the D.C. Court of Appeals articulated its own five-part test to determine whether to quash a subpoena seeking the identity of an anonymous defendant who had allegedly provided a tip to the Anti-Piracy Division of the Software & Information Industry Association that Solers, Inc., a software company, was using unlicensed software. The court granted leave for the plaintiff to amend its complaint to present evidence sufficient to meet these new standards.
Looking forward, the question will often not be whether a court will force an ISP to reveal the identity of an anonymous Internet user, but rather how strong a plaintiff’s pleadings must be before a court will allow for a subpoena to compel the identity of an anonymous Internet user.
The French Data Protection Authority (CNIL) has announced its inspections program topics for 2016, with health data, flight passengers’ data, and data used for marketing and Internet...20 May 2016