The Luxembourg-based European Court of Justice (ECJ) said that Internet providers are not required to give up identities of their customers involved in illegal downloading or sharing of music tracks, in civil lawsuits. What the ruling could mean is that an entity cannot bring about a civil lawsuit against music pirates because it cannot force ISPs to reveal their identity.

The European Court of Justice thus sided in its ruling with Spain's largest telecoms group, Telefonica, which has refused a request by Spanish trade body Promusicae to identify users who downloaded or shared music.

"There are several community directives whose purpose is that the member states should ensure, especially in the information society, effective protection of industrial property, in particular copyright," the ECJ said.

"Such protection cannot, however, affect the requirements of the protection of personal data. The directives on the protection of personal data also allow the member states to provide for exceptions to the obligation to guarantee the confidentiality of traffic data," ruled the European Court of Justice.

The decision is actually double-edged: it states that individual European states are not required to force Internet service providers to cooperate with industry organizations in civil lawsuits, thus protecting the privacy of their citizens, but it also leaves the door open for any state to demand such information if it deems necessary.

That is why the decision was welcomed by both privacy groups and industry organizations. The International Federation of the Phonographic Industry (IFPI) was quick to point out that the ruling does not preclude the possibility for the member states of laying down an obligation to disclose personal data in the context of civil proceedings, which is exactly what the industry will try to force next.

The Promusicae suit against Spain's largest telecoms group, Telefonica, was aimed at turning over subscriber data to identify people using the Kazaa peer-to-peer file-sharing program. It was initiated in 2006 and Telefónica contended the data could only be released in the course of a criminal investigation or a national or public security matter, alleging that an IP (Internet protocol) address is a type personal data that should be protected.

The case was transferred to the European Court of Justice after a Spanish court asked it for guidance.