Fast, the Federation Against Software Theft, has lambasted the 1998 Data Protection Act for protecting rogue traders from prosecution.
Fast says the 1998 DPA might be helping pirates
Under the DPA an ISP does not have to release the details of a 'rogue trader' until Fast, or any other enforcement body, has produced a court order, a procedure that is often extremely laborious.
In effect this means the pirate can immediately open up a new site under a different name.
"The DPA is unwittingly hampering enforcement because ISPs are refusing to release details of pirate website owners, without a court order," said Paul Brennan, general counsel at Fast. "It is natural for ISPs not to want to fall foul of the DPA, but [we] ask ISPs to look again at their interpretation."
ISP Yahoo said it was impossible to determine when it would hand over information, but said that it would act, "within its terms and conditions and the Data Protection Act", while doing all it could "to help enforcement bodies from preventing innocent consumers being conned by pirates".
But the Information Commission, the body that enforces the DPA, says the clause should not been seen as a rogue chapter.
"ISPs are probably interpreting [the act] too literally," said Richard Ingle, compliance officer at the Information Commission. "If ISPs are being unhelpful or obstructive then we can serve an 'information notice' on them, demanding they hand over the information."
The law is much more favourable to the consumer in the case of a non-internet rogue traders, where details of company directors can be easily obtained from Companies House.
"A reliable company trading on the internet will also store its information at Companies House, it is the individuals who set up sites which are more difficult to track," said the Commission's Ingle. "But if a domain name has been registered to a trader then this info will be kept by [domain registrar] Nominet and, in theory, anyone should be able to get hold of it."
"Data protection rules are wholly sensible, but it seems that such rules are being cited as a standard first line of defence and this knee-jerk reaction can result in a lot of wasted time and cost," said Dawn Osborne, a partner at intellectual property law firm Willoughby.
"Perhaps it would be sensible for ISPs to agree a code of conduct or an understanding with regard to transmission of personal data," she says.
Currently, enforcement bodies send a request to an ISP that a site is taken down, if it is clearly an infringement of intelligent rights.
But Fast believes the only way to prevent pirates from setting up elsewhere is to release details of the trader, so that they can be identified and pursued.
"The new e-commerce directive provides an obligation on the ISP to remove the site expeditiously, once it is aware of the infringement," added Fast's Brennan. "But ISPs are in a Catch-22 situation. If they don't take down the information they're liable and if they do, they may be at risk of being sued by the rogue site owner, for giving out personal information."
In the US, the Digital Millennium Copyright Act, demand ISPs take down such sites swiftly and efficiently. If the site's owner then complains, the ISP will put the site back up and hand the case over to the courts to decide.
This same system, Fast said, should be adopted in the UK.