Skip to main content
Insight

High Court rules on Norwich Pharmacal Orders in file sharing cases and the impact of the GDPR

Locations

United Kingdom

In the recent case of (i) Mircom International Content Management & Consulting Ltd & Others (ii) Golden Eye International and Others v Virgin Media & Another, the High Court considered whether the correct legal approach for granting Norwich Pharmacal Orders in file-sharing cases remained the same as that set out in the 2012 Golden Eye litigation and the effect, if any, of the GDPR.

In the recent case of (i) Mircom International Content Management & Consulting Ltd & Others (ii) Golden Eye International and Others v Virgin Media & Another, the High Court considered whether the correct legal approach for granting Norwich Pharmacal Orders in file-sharing cases remained the same as that set out in the 2012 Golden Eye litigation and the effect, if any, of the GDPR.

The High Court confirmed that it was the correct approach to follow, but that in the present case, due to a fundamental defect in evidence, the application had to fail. The case also confirms that the regime seems to remain unaffected by the GDPR.  

What is a Norwich Pharmacal order?

As a reminder, a Norwich Pharmacal Order, or third party disclosure order, is an equitable form of relief granted (only where necessary) by the court requiring a respondent (Virgin Media in this case) to disclose certain documents or information (being the contact details of individuals associated with certain IP addresses) to an applicant. Typically, with an NPO, the applicant knows that wrongdoing has occurred, but cannot identify the wrongdoer, but can identify a third party with relevant information. An NPO can be granted before proceedings, during proceedings or post-judgment.

Background

In 2012, in the well-known Golden Eye litigation, Golden Eye sought an order requiring Telefónica/02 to disclose details of customers who were alleged to have infringed copyright by downloading and sharing pornographic films on peer-to-peer networks. In that case, Golden Eye (and others) were successful in obtaining the Norwich Pharmacal relief sought and the High Court confirmed the following requirements must be met in order to grant an NPO:

(i) there must be a good arguable case that there was a wrong committed against the Applicant;

(ii) the Respondent is involved in the wrongdoing;

(iii) the Applicant is intending to seek redress;

(iv) the disclosure of the information sought is necessary for the Applicant to pursue the redress; and

(v) it is necessary and proportionate to grant the order, i.e. the rights claimed must be proportionate to the rights of the individuals whose details would be disclosed. The court should exercise its discretion in favour of granting the relief.

(See 2012 High Court ruling and Court of Appeal ruling. We also published a blog on the High Court ruling - 02 ordered to disclose customer details).

Summary of the case

Resting on their laurels and with their 2012 success behind them, Golden Eye, together with Mircom International, sought Norwich Pharmacal relief against Virgin Media requiring them to disclose the names and addresses of tens of thousands of residential broadband subscribers who the claimants accused of illegally downloading pornographic films "leaving little to the imagination", in which the claimants owned copyright. The Applicants claimed that the present case 'was indistinguishable from the 2012 Golden Eye litigation' and that the judge should 'simply apply the same approach'.

Far from being indistinguishable, the case was plagued with procedural errors and fundamental defects in fact and expert evidence (for example, missing exhibits and old expert reports) and as a result, the Application was refused. 

In considering the application, however, the High Court provided useful comments on the:

  • Legal approach to Norwich Pharmacal Orders in file-sharing cases; and
  • Effect of the GDPR on orders of this kind.

Legal approach to Norwich Pharmacal Orders

In this case, the High Court confirmed that the approach for granting NPOs in file sharing cases in the 2012 Golden Eye litigation was the correct approach to be applied.

However, the Applicants' case was plagued with procedural errors and fundamental defects in fact and expert evidence and as a result, the Application failed. One of the main reasons the Applicants had succeeded in 2012 was because the judge in that case, Arnold J, found that the evidence demonstrated a good arguable case. Another key reason why Arnold J granted the order was because he was convinced that the Claimants did have "a genuine intention to try to obtain redress for the infringement, rather than to set up a money-making scheme designed to embarrass and coerce as many people as possible (regardless of whether they were actual infringers) into making payments demanded".

In this case however, the judge concluded that as a result of the defective evidence, he was in no position to determine whether the Applicants were genuinely intending to sue (i.e. fulfilling the above requirement that they were intending to seek redress for a wrongdoing) or whether they were part of a "money-making scheme" or "shakedown" and that they intended to "continue to ride the 'gravy train of letter writing in the absence of court supervision", as alleged by Virgin Media.  

What is the impact of the GDPR?

Despite Virgin Media's submission about the potential GDPR issues if such an order was granted, the court held that this approach remained unchanged by the GDPR. Specifically, the judge dealt with three questions:

  1. Whether an IP address is personal data under Article 4(1) GDPR? Yes, on the basis that "the data in question will certainly become personal data in [the Applicant's] hands if the orders sought are granted".
  2. Whether the Applicants would be regarded as "data controllers" or "data recipients"? The Applicants would be "data recipients" and therefore not subject to the onerous obligations of a data controller under the GDPR.
  3. Would the Applicants promise to register as a controller at the ICO make any difference? Given the answer to 2, it was unnecessary for the court to consider this.

Comment

The case confirms the legal approach as set out in Golden Eye in relation to the granting of NPOs in file sharing cases and the requirements that need to be met.  The case also seems to confirm that that this regime is unaltered by the GDPR although some commentators have questioned the court's interpretation of "data controller" and consider the reasoning on the aspects of the case related to the GDPR to be questionable. In particular, some are of the view that "data controllers" and "data recipients" are not mutually exclusive so the Applicants could (and should) be considered both a data recipient and a data controller.

This case ultimately fell down on shoddy evidence and it is reassuring to see that just because the court granted the order in 2012, it has considered this case individually on its own merits and based on the evidence submitted.

It will be interesting to see whether the Applicants will be successful in obtaining an order if the defects in the evidence are rectified.

With thanks to trainee, Charley Guile, for her contribution to this article.

Sign up to our email digest

Click to subscribe or manage your email preferences.

SUBSCRIBE