Legal

Feature Stories

Columbia Pictures v. Bunnell

Foreign Privacy Laws vs. U.S. Discovery Obligations

Courts have never been fond of plaintiffs who flock to a faraway forum seeking justice when a more appropriate forum lies around the corner. So it comes as no surprise that in Columbia Pictures Indus. v. Bunnell, 2007 U.S. Dist. LEXIS 46364 (C.D. Cal. June 19, 2007), the court gave short shrift to defendants who sought the protection of Dutch law to avoid preserving and producing relevant information while allegedly facilitating the worldwide downloading of copyrighted movies and music. While the case raises significant issues in electronic discovery due to the court’s ordering the defendants to preserve transient data stored in random access memory (“RAM”), it also underscores the longstanding general principle that those who do business in the United States must accept the burdens along with the benefits of U.S. law.

Defendants’ Alleged Copyright Infringement
In Bunnell, several major motion picture studios^[1] filed a copyright infringement action against the defendants^[2] who were operating the website www.TorrentSpy.com. According to the complaint, the website provided links to third-party sites containing BitTorrent^[3] files and links to files stored on the cache of defendants’ website.  The torrent files offered on defendants’ website did not contain actual copies of allegedly copyrighted material.  However, in an apparent effort to avoid scrutiny and legal action in the United States, the defendants’ located their web server in the Netherlands.  The court found that the defendants chose the Netherlands in part because they believed the had strict privacy laws to protect the identities of website visitors.

Three weeks after initiating the lawsuit, plaintiffs filed a motion to require defendants to preserve and produce server logs, databases, and reports (collectively “Server Log Data”) containing records of user activities, including their Internet Protocol addresses.^[4]  Defendants did not save or log the Server Log Data, which was only held in random access memory (RAM) on defendants’ servers. The defendants objected to the production, alleging that RAM is so transitory that it cannot be considered “stored” within the meaning of Fed. R. Civ. Pro. 34(a). 

Magistrate Judge Chooljian ruled that the Server Log Data was relevant to the litigation and that the defendants were required to retain and produce the data.  The judge similarly rejected defendants’ other arguments regarding the Stored Communications Act, the Wiretap Act, and the Pen Registry Statute, as well as alleged constitutional protection under the First Amendment.  The court also denied defendants’ contention that the laws of the Netherlands shielded them from any U.S. discovery obligations.  In a lengthy opinion, the District Court denied defendants' motion for review.  Columbia Pictures, Indus. v. Bunnell, 2007 U.S. Dist. LEXIS 63620 (C.D. Cal. Aug. 24, 2007).

Server Log Data “Hot Potato”
According to the findings of the magistrate judge, defendants’ website never preserved Server Log Data even though defendants’ web server program was capable of logging the information.  The court also found the defendants had chosen not to retain the data in an effort to make the site more attractive to users wanting to remain anonymous.

Once litigation commenced, defendants contracted with a third-party entity, Panther, to intercept requests from defendants’ U.S. website users and direct them to Panther’s U.S. servers. Thus, all “torrent” traffic originating in the United States would go through Panther, who would then retrieve the requested file from defendants and relay it back to the user. The Server Log Data became a virtual “hot potato” while defendants in effect could wipe their hands clean of any alleged involvement in the dissemination of copyrighted materials.  However, defendants denied that the decision to contract with Panther was to avoid possession of the data.

Given the nature of the allegations and defendants’ agreement with Panther, it would seem unlikely that defendants would seriously dispute the court’s power to order defendants to produce the requested discovery.  However, defendants contended that as its servers were leased from an Internet Service Provider (ISP) in Amsterdam, any changes to collect Server Log Data would need to comply with the Netherland Personal Data Protection Act (NPDPA).

The NPDPA implements Directive 95/46/EC for the protection of individuals with respect to the processing and free movement of personal data.  The NPDPA defines personal data as “any information relating to an identified or identifiable natural person” while the term processing includes the collection, retrieval, use, and dissemination of data.  In noting Panther’s 25 U.S.-based servers and defendants’ ability to manipulate its Server Log Traffic, Magistrate Judge Choolijian rejected the argument that the law of the Netherlands prohibited the court from ordering the defendants to preserve the relevant information, finding that defendants had failed to meet their burden of showing that the law bars discovery.  See United States v. Vetco, 691 F.2d 1281, 1289 (9^th Cir. 1981).

BREIN Foundation v. UPC Nederland B.V.
In their motion for review, defendants cited an Amsterdam district court case involving alleged copyright infringement by peer-to-peer users of a Netherland ISP.  See BREIN Foundation v. UPC Nederland B.V., 194741/KGZA-05-462/BL/EV (2005). BREIN, the Netherlands counterpart to the Recording Industry of America, hired an American company, MediaSentry, to search for users who traded in copyrighted music files and to collect their IP addresses, which were then forwarded to ISP with instructions to provide BREIN with the names and address of the subscribers. Several ISPs refused and sought court protection based, inter alia, on the NPDPA.

The Amsterdam court noted that an IP address is personal data in relation to an identifiable person according to the Personal Data Protection Board, and thus ruled that to the extent BREIN was collecting IP addresses, it was processing personal data within the definition of the NPDPA.  See BREIN Foundation, § 4.22.  The data was being collected by MediaSentry, not BREIN, thus the Amsterdam court had no assurance that the information was processed and collected in a way to insure an adequate level of privacy protection for personal data.  MediaSentry had also not executed a “ Safe Harbor ” agreement ensuring compliance with EU data protection standards.^[5]  The court held that while there were limited circumstances under which IP addresses would need to be provided, it was not satisfied that the IP addresses secured by MediaSentry were related to infringement activity or would lead to the identity of the actual infringers.  Id. at § 4.31.

However, the California Central District Court held that the BREIN Foundation decision did not support the defendants’ argument that IP addresses were protected under the law of the Netherlands.  Rather, the Dutch court only placed restrictions on “identifying information.”  The Server Log Data at issue contained solely anonymous information which would not be prohibited under the NDPDA.

Defendants’ U.S. Discovery Obligations
Even if Dutch law prohibited defendants’ disclosure of IP addresses, the inquiry would not end there.  As the U.S. Supreme Court succinctly stated, “[i]t is well settled that [foreign] statutes do not deprive an American court of the power to order a party subject to its jurisdiction to produce evidence even though the act of production may violate that statute. ”Societe Nationale Industrielle Aerospatiale v. United States District Court, 482 U.S. 522, 544 n. 29 (1987). 

Here, the privacy protections inherent in the Netherlands’ law must be balanced against the interests of the United States and the plaintiffs in obtaining discoverable information.  See Richmark Corp. v. Timber Falling Consultants, 959 F.2d 1468 (9^th Cir. 1992). To determine the respective interests and rights of the parties, the Magistrate Court adopted the balancing test endorsed by Aerospatiale and contained in the Restatement (Third) of Foreign Relations Law § 442(1)(c).  Under that test, the factors a court should consider when determining whether a foreign statute excuses noncompliance with a party’s discovery obligation include: (1) the importance to the litigation of the information requested; (2) the degree of specificity of the request; (3) the origin of the information (i.e., whether it originated in the United States); (4) the availability of alternative means of securing the information; (5) the extent to which noncompliance with the request would undermine important interests of the United States or compliance with the request would undermine important interests of the state where the information is located; and (6) the degree of hardship on the producing party and whether such hardship is self-imposed.  See Bunnell, 2007 Dist. LEXIS 46364 at *50.  After weighing the relevant factors, the Magistrate Court found that they favored requiring defendants to preserve and produce the Server Log Data.  The District Court agreed.  See Bunnell, 2007 U.S. Dist. LEXIS 63620 at *27.

Conclusion
Defendants are expected to appeal the court’s decision, primarily on the grounds that the court erred in rejecting the argument that Server Log Data is ephemeral in nature and not subject to preservation or production under Fed. R. Civ. Pro. 34(a).  However, defendants may also argue that the court’s ruling is prohibited by the law of the Netherlands.  Meanwhile, it appears that defendants have taken steps to weaken the impact of the court’s ruling.  Shortly after the District Court denied defendants’ motion for review, defendants cut off access to U.S. users of its website in the United States, although the website is still accessible to users outside of the United States. How long the website will be out of reach of U.S. users is unknown, but it most certainly could be for the duration of discovery in the case, because if there are no users within the jurisdiction, there may be no relevant server log data for defendants to preserve or produce in this case.

^ Return to top