• by Wendy Davis , Staff Writer @wendyndavis, January 30, 2008

A European court said this week that Internet service providers in the EU need not disclose the names of suspected file-sharers who the record labels or movie industry are attempting to sue.

The court relied on Europe's strong privacy laws to rule that entertainment companies were not entitled to know the identities of users in a civil lawsuit. Rather, the court said that identities would only be disclosed in criminal proceedings.

In the United States, the RIAA has largely been able to subpoena names of users it suspects of file-sharing, but even here, there's been some pushback.

In Oregon, for instance, the Attorney General is questioning whether the RIAA's investigatory techniques in 17 recording industry subpoenas compromise privacy. "Plaintiffs may be spying on students who use the University [of Oregon]'s computer system and may be accessing much more than IP addresses," the AG's office wrote, adding that it wanted to depose the investigators to determine how they went about gathering information.

But regardless of whether the EU court's ruling will have an impact on U.S. copyright infringement cases, it could have other ramifications. Significantly, it might sway the European regulators contemplating privacy in another context -- Google's pending merger with DoubleClick. One of the fears of privacy advocates is that the companies will be able to combine Google information about users' search queries, which is tied to their IP addresses, with DoubleClick's information about which Web sites they visit to create detailed user profiles.

Just last week, Peter Scharr, who is heading an EU group studying online privacy, told a European Parliament hearing that an IP address "has to be regarded as personal data." If the European regulators agree, they might well place conditions on the Google-DoubleClick merger that will ultimately affect how the company uses data in the United States as well.