Thursday 20 Oct 2016 @ 12:20
EU News
Printable version

CJEU: Storing visitors personal data to a website in order to protect against cyberattacks

Mr Patrick Breyer has brought an action before the German courts seeking an injunction to prevent websites, run by the Federal German institutions that he consults, from registering and storing his internet protocol addresses (‘IP addresses’). Those institutions register and store the IP addresses of visitors to those sites, together with the date and time when a site was accessed, with the aim of preventing cybernetic attacks and to make it possible to bring criminal proceedings.

The Bundesgerichtshof (Federal Court of Justice, Germany) has made a reference to the Court of Justice asking whether in that context ‘dynamic’ IP addresses also constitute personal data, in relation to the operator of the website, and thus benefit from the protection provided for such data. A dynamic IP address is an IP address which is different each time there is a new connection to the internet. Unlike static IP addresses, dynamic IP addresses do not enable a link to be established, by means of files accessible to the public, between a specific computer and the physical connection to the network used by the internet service provider. Therefore, only Mr Breyer’s internet service provider has the additional information necessary to identify him.

Furthermore, the Bundesgerichtshof asks whether the operator of a website must, at least in principle, have the possibility to collect and subsequently use visitors’ personal data in order to ensure the general operability of its website. It observes, in that regard, that most academic commentators in Germany interpret the relevant German legislation as meaning that those data must be deleted at the end of the consultation period unless they are required for billing purposes.

By yesterday’s judgment, the Court replies, first of all, that a dynamic IP address registered by an ‘online media services provider’ (that is by the operator of a website, in the present case the German Federal institutions) when its website, which is accessible to the public, is consulted constitutes personal data with respect to the operator if it has the legal means enabling it to identify the visitor with the help of additional information which that visitor’s internet service provider has.

Click here for full press release

 

Share this article

Latest News from
EU News

EU increases humanitarian aid to Gaza by €25 million

07/11/2023 13:25:00

As part of the EU's continued support to people in Gaza, the Commission will provide a further €25 million in humanitarian aid. This quadruples EU humanitarian assistance to over €100 million for Gaza this year.

President von der Leyen marks the EU's commitment to the Partnership for Global Infrastructure and Investment (PGII) during the event hosted at the G20 in New Delhi

12/09/2023 15:25:00

President von der Leyen recently (09 September 2023) spoke at the G20 event on PGII hosted by Prime Minister Modi and President Biden.

Summer 2023 Economic Forecast: Easing growth momentum amid declining inflation and robust labour market

12/09/2023 13:25:00

The European Commission yesterday presented the Summer 2023 Economic Forecast

Climate change: Deal on a more ambitious Emissions Trading System (ETS)

20/12/2022 10:33:00

On Saturday night, MEPs and EU governments agreed to reform the Emissions Trading System to further reduce industrial emissions and invest more in climate friendly technologies.

EU and Ukraine sign €100 million for the rehabilitation of war-damaged schools *

20/12/2022 09:25:00

Exactly three months after President von der Leyen's announcement in her 2022 State of the Union Address, the European Commission and the Government of Ukraine have signed a €100 million support package for the reconstruction and rehabilitation of schooling facilities damaged in Russia's full-scale war of aggression against Ukraine.

NextGenerationEU: European Commission endorses positive preliminary assessment of Portugal's second request for €1.8 billion disbursement under the Recovery and Resilience Facility

19/12/2022 16:33:00

The European Commission recently (16 December 2022) endorsed a positive preliminary assessment of Portugal's payment request for €1.8 billion of grants and loans under the Recovery and Resilience Facility (RRF), the key instrument at the heart of NextGenerationEU.

'Fit for 55': Council and Parliament reach provisional deal on EU emissions trading system and the Social Climate Fund

19/12/2022 15:25:00

The Council and the European Parliament reached a provisional political agreement on important legislative proposals of the ‘Fit for 55’ package that will further reduce emissions and address their social impacts.

Ukraine: EU agrees ninth package of sanctions against Russia

19/12/2022 14:33:00

The Commission welcomes the Council's adoption of a ninth package of hard-hitting sanctions against Russia for its aggression against Ukraine. 

Council and European Parliament agree on new safety requirements for machinery products

19/12/2022 13:25:00

The Council and the European Parliament negotiators have reached a provisional agreement on the regulation for machinery products. The proposed legislation transforms the 2006 machinery directive into a regulation. 

Public Service Insights: Effectively Onboarding New Employees With An Intranet