Stichting Brein โ Court Ruling (Netherlands, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court ruled that an internet service provider, Ziggo, cannot be forced to share user details with a foundation trying to combat copyright infringement. The court decided that combining IP addresses with personal details without permission violates privacy rules. This case emphasizes the limits on how companies can use personal data.
What happened
Stichting Brein tried to make Ziggo share user details linked to IP addresses for copyright warnings.
Who was affected
Internet users whose IP addresses were identified by Stichting Brein were affected.
What the authority found
The court held that Ziggo lacked a legal basis to process personal data related to criminal offenses without proper permission.
Why this matters
This ruling sets a precedent that companies must have clear legal grounds to share personal information, reinforcing privacy protections for users.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Stichting Brein is a foundation involved in collectively counteracting and preventing copyright infringements. Ziggo is one of the largest internet service providers (ISPs) in the Netherlands. In December 2020, Brein started the "FLU-warning campaign". The aim of this campaign was to send warning letters to holders of IP addresses of which Brein, using special software, had found that they had uploaded copyright infringing material via BitTorrent for at least two times in a span of four weeks. However, Brein did not possess the name and address details of the torrent users, but only their IP-adresses. Hence, it needed the cooperation of Internet Service Provider (ISP) to link an IP address to name and address details. With this information, Brein would be able to send the warning letters. Ziggo, however, did not want to cooperate voluntarily. Therefore, Brein filed a submission at the Midden-Nederland Court of First Instance (Rechtbank) to force Ziggo to send the warning letters to the respective users. The first instance Court rejected this submission in a previous interim relief proceeding. This Court of First Instance held that combining IP addresses and contact details of ISP clients entailed the processing of personal data relating to criminal convictions and offences or related security measures (criminal data) pursuant to Article 10 GDPR. The ISP didn't receive a permit from Dutch the DPA to process criminal personal data, and therefore lacked a legal basis. The Court also held that Articles 32 and 33 UAVG (Dutch law for the implementation of the GDPR) were the only provisions which contained 'appropriate safeguards' as stated in Article 10 GDPR. Brein appealed this ruling. The Court of appeal held that it had to answer two questions: (1) if there was a legal basis that could force the ISP to cooperate with the request of Brein and (2) if the ISP was even allowed to combine the contact details and the IP addresses in the first place. The Court held that bo
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Stichting Brein in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Stichting Brein - Netherlands (2022). Retrieved from cookiefines.eu
Last updated: