How can IT litigators fight back against anonymous e-commerce wrongdoers? Andrew Horrocks and Jack Cundy investigate
A frequent difficulty for would-be claimants trying to track down anonymous e-commerce wrongdoers is that website operators and other IT service providers are unwilling to disclose voluntarily the identity of a wrongdoer, relying on contractual obligations of confidentiality and data protection legislation.
Users of IT services are aware of the potential for the internet to be used to invade their privacy, and service providers will therefore typically undertake—whether in a written agreement or in a published privacy policy—not to disclose voluntarily a user’s private data. In addition, the Data Protection Act 1998 (DPA 1998) ordinarily prevents disclosure of personal data without the consent of the data owner or an order of the court.
In these situations, there may be no claim against the service provider itself as a result of content of an offending website—the Electronic Commerce (EC Directive) Regulations 2002 (SI 2002/2013) and the Defamation Act 1996, for example, contain safeguards for service providers if they are unaware of inappropriate content they are hosting. The principle