Ziggo bv โ Court Ruling (Netherlands, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court ruled that Ziggo, an internet provider, cannot share customer data with a copyright group without proper permissions. This decision highlights the importance of protecting customer privacy, even when dealing with copyright issues.
What happened
Ziggo refused to share customer data with Stichting BREIN, a copyright enforcement group, without a permit.
Who was affected
Ziggo's customers who were allegedly involved in copyright infringements.
What the authority found
The court decided that Ziggo would need a permit from the Dutch DPA to share customer data, even if a copyright infringement was established.
Why this matters
This case emphasizes that companies must obtain proper permissions before sharing customer data, reinforcing the need for privacy safeguards even in copyright enforcement scenarios.
GDPR Articles Cited
National Law Articles
The controller is Ziggo bv. The data subjects are customers of Ziggo. Ziggo is the largest internet service provider in the Netherlands. Stichting BREIN is dedicated to claims against copyright infringements on behalf of its members. BREIN states that more than 200 e-books are made available to the public through an 'open directory' with an IP-address made available by Ziggo. BREIN demands Ziggo to send a warning to the user to which the IP-address belongs for said copyright infringement. Ziggo refuses to send such a message. Alternatively, BREIN wants Ziggo to provide NAW-data (name, address and residence) of the user of the IP-address. This will enable BREIN to send the letter independently. BREIN also demands all of the above for every customer of Ziggo that infringes on the copyright of its members through an open directory in the future. BREIN states that the copyright infringement in question is established. In addition, BREIN states that Ziggo does not need a permit from the Dutch DPA nor a DPIA for these actions. Ziggo disputes these notions. The Court notes that it cannot establish that the user of the IP-address made the copyright infringement. In the hypothetical situation that an infringement would be established, the Court held that Ziggo would still need a permit from the DPA pursuant to Article 33(4)(c) UAVG. First, to connect the IP-address and NAW-data in order to send a warning and second, for the provision of NAW-data to BREIN. BREIN's argument that no personal data is processed by Ziggo on behalf of BREIN was disregarded by the Court, as Ziggo would use the IP-address provided by BREIN to connect the IP-address and NAW-data on behalf of BREIN. Furthermore, the Court held that Ziggo would need a DPIA (Article 35 GDPR). The Court also dismissed BREIN's argument that this is not obligated because it only constitutes an IP-address and not the processing of large amounts of criminal data. The Court stated that the (possibly large) amount of person
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Ziggo bv in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Ziggo bv - Netherlands (2022). Retrieved from cookiefines.eu
Last updated: