1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Your Dynamic IP Address Is Now Protected Personal Data Under EU Law

Discussion in 'BlackHat Lounge' started by The Scarlet Pimp, Oct 19, 2016.

  1. The Scarlet Pimp

    The Scarlet Pimp Senior Member

    Apr 2, 2008
    Likes Received:
    Chair moistener.
    "CJEU rules that personal IPs can't be stored, unless to thwart cybernetic attacks or similar."

    Glyn Moody - Oct. 19, 2016

    Europe's top court has ruled that dynamic IP addresses can constitute "personal data," just like static IP addresses, affording them some protection under EU law against being collected and stored by websites.

    But the Court of Justice of the European Union (CJEU) also said in its judgment on Wednesday that one legitimate reason for a site operator to store them is "to protect itself against cyberattacks."

    The case was referred to the CJEU by the German Federal Court of Justice, after an action brought by German Pirate Party politician Patrick Breyer. He asked the courts to grant an injunction to prevent websites that he consults, run by federal German bodies, from collecting and storing his dynamic IP addresses.

    Breyer's fear is that doing so would allow the German authorities to build up a picture of his interests, according to the Austrian newspaper der Standard. Site operators argue that they need to store the data in order to prevent "cybernetic attacks and make it possible to bring criminal proceedings" against those responsible, the CJEU said.

    It held in its ruling that dynamic IP addresses could be considered personal data, even though they didn't refer consistently to one person, provided a website "has the legal means enabling it to identify the visitor with the help of additional information which that visitor’s Internet service provider has." Since this is generally the case in Germany, the court said that dynamic addresses would then be personal data—an important ruling.

    Under EU law, the processing of personal data is only lawful if if is necessary "to achieve a legitimate objective pursued by the controller, or by the third party to which the data are transmitted, provided that the interest or the fundamental rights and freedoms of the data subject does not override that objective."

    • Thanks Thanks x 1
  2. blogzandstuff

    blogzandstuff Elite Member

    Jan 1, 2015
    Likes Received:
    blog creator
    oh well, shame the UK is leaving the EU then
  3. Capo Dei Capi

    Capo Dei Capi BANNED BANNED

    Oct 23, 2014
    Likes Received:
    Luckily I'm not in the EU, so the CJEU can't do shit if I violate this.
    • Thanks Thanks x 3