At the beginning of March, thousands of Swedes reported the film and games industry-backed organisation for its method of tracking the downloading of copyright-protected files. APB used a piece of software to record the IP-addresses of file sharers, as well as the alias, the file name and the server through which the connection was made.
Last week APB’s lawyer, Henrik Pontén, told Computer Sweden that he does not believe an IP address could be classed as personal data.
But the Data Inspection Board disagreed, ruling that if an IP address can be linked to an individual it is classed as personal information and therefore falls under the personal data act.
Whether or not the APB’s action can be classed as a criminal offence, however, is “tricky”, said the Data Inspection Board’s Hans-Olof Lindblom.
“It depends on how you assess the significance of what they did. If it classed as a minor infringement then it is not punishable,” Lindblom told The Local.
Over the last year APB has reported hundreds of people to the police and has sent up to 2,000 emails a day to internet service providers notifying them of misuse. But according to the Data Inspection Board’s findings, the group had no right as a private enterprise to collect the information in the first place.
APB has already stopped using its own data collection software and has already reported over 200 suspected miscreants directly to the police.
“We have other methods than storing IP addresses for tracing people who break copyright laws concerning films and games,” said APB’s lawyer, Henrik Pontén.
Members of the public have now stopped reporting APB – but file-sharers could find the group back on their case quicker than they thought.
According to the Data Inspection Board, an organisation may apply for exemption from the personal data act.
“I’ve just heard that APB intend to ask for permission to continue storing data. We expect their application on Monday and then the Board will decide,” said Hans-Olof Lindblom.