In this case, the question was whether the European directives on copyright law and on electronic commerce (and relevant provisions of the new Charter of Fundamental Rights) required a member state to provide for the disclosure (by ISPs, to rights holders) of the identities of Internet users. And the answer, it seems, is that, in the context of other European directives on privacy and data protection and those fundamental rights again, such is not *required*, although it’s not entirely clear whether member states are *permitted* to do so anyway. Such is reserved for another day, with the general warning that the factors are the various directives, fundamental rights, and proportionality. That means, though, that the local court (Spain) has to figure out whether the disclosure is justified in this particular case (it was, in that characteristic feature of European Union law, a preliminary reference to the ECJ). I did comment on Damien’s post back in the summer that the opinion of the Advocate General was just that – an opinion – but it seems that the Court has followed it quite closely.
The Irish caselaw on this point is an ex tempore decision, EMI v Eircom. The position here is thus that details can be handed over with a court order. I wonder if there is any scope for a future case along similar lines being heard in the context of the more detailed criteria set out by the ECJ? Certainly, the situation in that case was not a satisfactory hearing of all the legal issues (including the fundamental rights or proportionality impact) that one would think that the ECJ’s line would now demand. (However, if I understand it correctly, the court’s power to grant such an order is a common law one (albeit in the context of the copyright offences where they exist), not flowing directly from copyright law nor from the EU directives as implemented domestically?)