Unwarranted private surveillance have led to a huge leak of sensitive personal data from ACS:Law. The leak also appears to contain information about alleged infringers. (1)
Jim Killock, Executive Director of the Open Rights Group said:
"It's shocking that ACS:Law are prepared to use the Digital Economy Act for their processes in future. (2)
"And there is little to stop them. They could self-certify their evidence collecting process and send the data to ISPs. (3)
"The question is if Ofcom will let us see these methods or will they allow calls of "commercial confidentiality" to keep parts of the processes closed from view?"
(2) In one of the leaked emails an ACS:Law lawyer is quoted as saying: "I have made sure that the requirements satisfy the requirements set out in OFCOM’s draft code of conduct."
(3) Section 7/124E(2) of the DEA requires that the initial obligations code makes the required provision about Copyright Infringement Reports (CIR) by specifying “requirements as to the means of obtaining evidence of infringement of copyright for inclusion in a report”, and “the standard of evidence that must be included”. The draft initial obligations code makes no provisions specifying the means of obtaining evidence of infringement of copyright for inclusion, and neither does it make provisions specifying the standard of evidence that must be included.
Section 3.5 to 3.7 of the draft initial obligations code outlines, in relation to evidence gathering process what it calls a “quality assurance process”. But this process does not specify the means of obtaining evidence or the standard of evidence included, only that the copyright owner will have to follow the process outline in their QA report which is to be submitted to Ofcom. The DEA does not require such a QA system.