[LACNIC/Politicas] Los numeros IP son datos personales

Erick Iriarte Ahon eiriarte at alfa-redi.org
Fri Dec 2 15:05:59 BRST 2011

Nota Personal: Hace algun tiempo atras intente colocar este tema en el debate de LACNIC, conjuntamente con el debate de la propiedad de los numeros IP (y por ende creacion de mercados secundarios). Esta nota se refiere a una sentencia que era un tema de control de contenidos por parte de ISPs (una batalla que tiene a muchos proveedores de contenidos involucrados alrededor del mundo y a usuarios #ACTA #TPPA #HADOPI #SOPA #LeyLleras #LeyPinedo #3strike-mx entre otros).), el argumento utilizado para evitar que los proveedores de contenidos puedan acceder a "bloquear contenidos de usuarios" es que si lo hacen violarian la directiva de proteccion de datos (modelo base (en mayor o menor medida) de las leyes de proteccion de datos en argentina, uruguay, mexico, costa rica, colombia y peru (hasta el momento)). 

pero para la sentencia requerian hacer algo de una manera ordenada, era establecer si el numero ip era un dato personal y la Corte de Justicia de la Union Europea dice: "'Those addresses are protected personal data because they allow those users to be precisely identified'", siendo asi, se abre la puerta de establecer esto como un tema regional europeo, y comenzara a rebotar en nuestra legislacion latinoamericana de manera casi directa.

El equilibrio entre seguridad/acceso a informacion/derechodeautor/privacidad/propiedad de los ips/datos personales/control de contenidos/censura se tendra que redefinir en una larga extension, y la pregunta aqui es: como actuaran nuestros proveedores de contenidos, nuestras autoridades de proteccion de datos, nuestras agencias derecho de autor, CERTs, Agencias de Law Enforcement, y entidades como LACNIC. 

Pongo pues en el tema del debate a discutir una politica para LACNIC sobre: Propiedad de Numeros IP y de Datos Personales y Numeros IP


pd. adjunto la sentencia creo que sera de interes leerla (es una version en español)


Fuente: http://www.dataguidance.com/news.asp?id=1662

 Updated: 01/12/2011 
EU: CJEU: IP addresses are 'protected personal data'

The Court of Justice of the European Union (CJEU) clarified that IP addresses are 'protected personal data', on 24 November 2011, in Scarlet v SABAM (Case C-70/10), while ruling that internet service providers (ISPs) cannot be legally compelled to monitor the online activities of their customers.

The case was referred to the CJEU after an injunction granted by the Brussels Court of First Instance ordered internet service provider Scarlet to use web filtering to prevent customers from sending or receiving copyrighted files by means of peer-to-peer software. The files were songs and videos owned by SABAM members, a consortium of artists, authors, composers, and publishers. In 2004, SABAM filed the original complaint against Scarlet. 

Scarlet appealed to the Brussels Court of Appeal on a number of grounds including that the processing of IP addresses required by the filtering systems and monitoring its customers' activities would be in breach of the Data Protection Directive (95/46/EC) and the Directive on Privacy and Electronic Communications (2002/58/EC). 

Benoit Van Asbroeck, Partner at Bird & Bird, who instructed Scarlet, told DataGuidance: ''We are pleased that the CJEU has seized the occasion to clearly assess at European level the necessary balance between the protection of intellectual property rights and other fundamental rights, and has not delegated this mission to the national judge, enhancing thereby legal certainty throughout the EU. Companies will certainly need to be cautious since the application of data protection regulations may certainly not be excluded.'' 

'Those addresses are protected personal data because they allow those users to be precisely identified', read the CJEU judgment. 'When adopting an injunction requiring an internet service provider (ISP) to install filtering systems, national courts must respect the requirement that a fair balance be struck between the right to intellectual property, on the one hand, and the freedom to conduct business, the right to protection of personal data and the freedom to receive or impart information, on the other'. 

''In practice, the application of data regulations could indeed impose consumer consent in order to process IP addresses'', said Van Asbroeck. ''Regarding ISPs, this could probably be done through accepting the general terms and conditions. An extensive interpretation will refer to the general terms used by the Court and will read that all IP addresses in any context have to be considered as personal data subject to privacy regulations. Another approach is to consider that IP addresses qualify as personal data only when they allow identification of users precisely in practice. It could however be advocated that IP addresses could be considered as personal data since their capacity to enable identification of the person behind it will in fact depend on the tools of the company who holds them. This will certainly trigger numerous legal comments.''

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Caso SCARLET vs SABAMSentencia Tribunal Europeo 24 Nov.	2011.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 34653 bytes
Desc: not available
URL: <https://mail.lacnic.net/pipermail/politicas/attachments/20111202/eac50174/attachment.docx>

More information about the Politicas mailing list