Norway slashes data protection rights in the name of copyright, also introduces web blocking in proposed law
Norway submitted a draft law to the EC yesterday which would allow the Norwegian Media Authority to order ISPs to block websites "where, material is being made available to a great extent, evidently infringing copyright or other rights in accordance to this Act."
Worryingly, the draft law also exempts those investigating copyright infringement from obtaining a license to process personal information under Norway's Data Protection Act, effectively removing oversight of personal data handling by organisations investigating online copyright infringement on behalf of rights holders.
The draft text also introduces a mechanism whereby rights holders can force ISPs to unmask the identity of those alleged to be involved in copyright infringement, although this process will require a decision from the district court and sounds remarkably like a Norwich Pharmacal Order (NPO) used in the UK to unmask those behind alleged infringement - and lead, ultimately, to the names and addresses of thousands of alleged file sharers to appear online, together with the title of the adult films they were alleged to have downloaded.
The account holder will be notified of the unmasking order, but only one month after the ISP has handed over the personal details.
Two things here are extremely worrying. Web blocking, of course - but I've already covered the issues in great detail.
More worrying is the attempt to exempt those investigating copyright infringement from obtaining a license under the country's Data Protection Act. As the ACS:Law data breach I mentioned above went to show - those involved in investigating copyright infringement often process sensitive personal information when e.g. it relates to adult films.
Just the title of a film can throw questions over a person's sexuality, and such questions can damage relationships. And we're only talking about mere allegations, made by those representing the rights holders, against an IP address. Whether a worried partner would understand the not inconsiderable risk that a computer in the house had been infected with malware and used as part of a file sharing network is still to be determined.
Those investigating others should be subject to more oversight over their handling of personal data, not less.
The draft law hit Brussels this morning as part of the 3-month EC notification procedure required for most "technical regulations". If Norway is anything like the UK, the law wouldn't be sent to the EC until it had been agreed by the government at cabinet level.