Mircom International Content Management & Consulting Ltd & Ors v Virgin Media Ltd & Anor

The claimants sought Norwich Pharmacal disclosure from Virgin Media of the names and addresses of residential broadband subscribers identified by IP addresses as allegedly infringing the claimants' copyright in pornographic films. The court analysed whether the established approach from the 2012 Golden Eye litigation remained applicable, whether the General Data Protection Regulation and the Data Protection Act 2018 altered the legal position, and whether the claimants' factual and expert evidence justified the orders sought.

The judge held that the legal approach in Golden Eye remained applicable and that the court should carry out a careful, individualised proportionality assessment. The judge concluded that IP addresses (and the schedules of IP addresses) would amount to personal data in the claimants' hands but that receipt of disclosure in these circumstances made the claimants data recipients rather than data controllers for the purposes of the GDPR and DPA 2018, so the controller obligations did not preclude the orders sought. Nevertheless the applications were dismissed because the claimants' factual and expert evidence was fundamentally deficient and the court lacked sufficient evidence that the claimants genuinely intended to pursue infringement claims rather than run a mass settlement scheme.

Background and parties: The Mircom and Golden Eye groups of claimants (film production companies and intermediary companies Mircom and Golden Eye) issued Part 8 claims seeking Norwich Pharmacal orders requiring Virgin Media to disclose the names and addresses of registered account holders associated with IP addresses identified by the claimants as having downloaded the claimants' films. The claims proposed large-scale disclosure in batches and included a pre-prepared letter of claim and settlement regime. Virgin Media opposed disclosure and advanced detailed submissions on evidence and data protection grounds.

Nature of the application: The claimants sought Norwich Pharmacal relief (disclosure of account-holder identities linked to specified IP addresses) to enable them to send letters of claim and pursue copyright enforcement and settlement.

Issues framed: The court set out three principal issues: (i) whether the legal approach in the Golden Eye (2012) litigation remained the correct approach to such Norwich Pharmacal applications; (ii) whether the GDPR and Data Protection Act 2018 affected the proper approach and whether the claimants would become data controllers; and (iii) whether the claimants' factual and expert evidence justified the orders sought (including whether they had a genuine intention to bring enforcement proceedings).

Reasoning and subsidiary findings: The judge concluded that Golden Eye remained authoritative and that Rugby Football Union v Viagogo did not change the legal approach. On data protection, the court held that schedules of IP addresses are personal data in the claimants' hands (and would certainly become personal data if disclosure were made) but concluded that the claimants would be "recipients" of personal data rather than "controllers" because the disclosure and use arise in connection with legal proceedings and the rules of civil procedure; accordingly the GDPR controller obligations did not prevent disclosure. The judgment considered Breyer C‑582/14 (dynamic IP addresses) but distinguished its facts and the German criminal-procedure context from the English civil Norwich Pharmacal procedure.

Despite resolving the legal questions largely in the claimants' favour on GDPR points, the judge dismissed the applications because the claimants' evidence was fundamentally deficient: key fact exhibits (spreadsheets of IP addresses) were not in evidence or were inconsistent with witness statements, expert reports were out of date or non-compliant with CPR Part 35 (absence of statements of truth, unclear instructions, uncertain software provenance and licensing), and there was insufficient evidence about how previous disclosures had been used. The court also required more satisfactory evidence to be satisfied that the claimants genuinely intended to pursue enforcement rather than operate a mass settlement scheme. The judge declined to permit ad hoc rectification absent sight of the replacement evidence, and refused the applications for disclosure.

Relief sought and disposition: Norwich Pharmacal relief was refused; the applications failed. The judge indicated further argument would be heard on ancillary matters such as costs and the form of any consequential order.

The applications for Norwich Pharmacal relief are dismissed. The court held that the Golden Eye approach remains the correct legal framework and that GDPR considerations do not automatically prevent disclosure because the claimants would be data recipients rather than controllers in this context. However the claimants' fact and expert evidence contained fundamental defects (missing or inconsistent spreadsheets, outdated or non‑compliant expert reports, questions over software licensing and provenance), and there was insufficient evidence that the claimants genuinely intended to pursue court proceedings rather than pursue a large‑scale settlement regime. For these reasons the orders sought were refused.