CJEU: Storing visitors personal data to a website in order to protect against cyberattacks
Mr Patrick Breyer has brought an action before the German courts seeking an injunction to prevent websites, run by the Federal German institutions that he consults, from registering and storing his internet protocol addresses (‘IP addresses’). Those institutions register and store the IP addresses of visitors to those sites, together with the date and time when a site was accessed, with the aim of preventing cybernetic attacks and to make it possible to bring criminal proceedings.
The Bundesgerichtshof (Federal Court of Justice, Germany) has made a reference to the Court of Justice asking whether in that context ‘dynamic’ IP addresses also constitute personal data, in relation to the operator of the website, and thus benefit from the protection provided for such data. A dynamic IP address is an IP address which is different each time there is a new connection to the internet. Unlike static IP addresses, dynamic IP addresses do not enable a link to be established, by means of files accessible to the public, between a specific computer and the physical connection to the network used by the internet service provider. Therefore, only Mr Breyer’s internet service provider has the additional information necessary to identify him.
Furthermore, the Bundesgerichtshof asks whether the operator of a website must, at least in principle, have the possibility to collect and subsequently use visitors’ personal data in order to ensure the general operability of its website. It observes, in that regard, that most academic commentators in Germany interpret the relevant German legislation as meaning that those data must be deleted at the end of the consultation period unless they are required for billing purposes.
By yesterday’s judgment, the Court replies, first of all, that a dynamic IP address registered by an ‘online media services provider’ (that is by the operator of a website, in the present case the German Federal institutions) when its website, which is accessible to the public, is consulted constitutes personal data with respect to the operator if it has the legal means enabling it to identify the visitor with the help of additional information which that visitor’s internet service provider has.
Latest News from
The Commission makes Erasmus+ and European Solidarity Corps more inclusive22/10/2021 15:25:00
Today, the Commission has adopted a framework to increase the inclusiveness and diversity of the Erasmus+ and European Solidarity Corps programmes for the period 2021-2027.
Remarks by President Charles Michel before the European Council meeting on 21 October 202122/10/2021 13:25:00
Remarks given yesterday by President Charles Michel before the European Council meeting.
Main messages from the Tripartite Social Summit22/10/2021 09:25:00
EU leaders and social partners met, via video conference, at the Tripartite Social Summit to discuss "transforming Europe's recovery into long-term sustainable growth supporting more and better jobs".
Speech by Vice-President Šefčovič at the Parliament on the 2022 Commission Work Programme21/10/2021 16:33:00
Speech given recently (19 October 2021) by Vice-President Šefčovič at the Parliament on the 2022 Commission Work Programme.
Conference on the Future of Europe: Plenary to discuss citizens' contributions21/10/2021 15:25:00
This weekend, the Conference Plenary will discuss reports from the European Citizens' Panels, national panels and events, the EYE and the Platform.
Cybersecurity: Council adopts conclusions on exploring the potential of a joint cyber unit21/10/2021 14:33:00
The Council recently (19 October 2021) adopted conclusions inviting the EU and member states to further develop the EU cybersecurity crisis management framework, including by exploring the potential of a joint cyber unit.
2021 Enlargement package: European Commission assesses and sets out reform priorities for the Western Balkans and Turkey21/10/2021 13:25:00
The European Commission recently (19 October 2021) adopted its 2021 Enlargement Package, providing a detailed assessment of the state of play and the progress made by the Western Balkans and Turkey on their respective paths towards the European Union, with a particular focus on implementing fundamental reforms, as well as clear guidance on the reform priorities ahead.
Commission relaunches the review of EU economic governance21/10/2021 12:38:00
The European Commission recently (19 October 2021) adopted a Communication that takes stock of the changed circumstances for economic governance in the aftermath of the COVID-19 crisis and relaunches the public debate on the review of the EU's economic governance framework.
2022 Commission Work Programme: Making Europe stronger together21/10/2021 11:33:00
The Commission recently (19 October 2021) adopted its 2022 Work Programme, setting out the next steps in its bold and transformative agenda towards a post-COVID-19 Europe that is greener, fairer, more digital and more resilient.