Your dynamic IP address is now protected personal data under EU law

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: Hendricks Dewayne <dewayne () warpspeed com>
> Date: October 20, 2016 at 4:58:03 AM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Your dynamic IP address is now protected personal data under EU law
> Reply-To: dewayne-net () warpspeed com
>
> Your dynamic IP address is now protected personal data under EU law
> CJEU rules that personal IPs can't be stored, unless to thwart cybernetic attacks or similar.
> By GLYN MOODY
> Oct 19 2016
> <http://arstechnica.co.uk/tech-policy/2016/10/eu-dynamic-static-ip-personal-data/>
>
> Europe's top court has ruled that dynamic IP addresses can constitute "personal data," just like static IP addresses, 
> affording them some protection under EU law against being collected and stored by websites.
>
> But the Court of Justice of the European Union (CJEU) also said in its judgment on Wednesday that one legitimate 
> reason for a site operator to store them is "to protect itself against cyberattacks."
>
> The case was referred to the CJEU by the German Federal Court of Justice, after an action brought by German Pirate 
> Party politician Patrick Breyer. He asked the courts to grant an injunction to prevent websites that he consults, run 
> by federal German bodies, from collecting and storing his dynamic IP addresses.
>
> Breyer's fear is that doing so would allow the German authorities to build up a picture of his interests, according 
> to the Austrian newspaper der Standard. Site operators argue that they need to store the data in order to prevent 
> "cybernetic attacks and make it possible to bring criminal proceedings" against those responsible, the CJEU said.
>
> It held in its ruling that dynamic IP addresses could be considered personal data, even though they didn't refer 
> consistently to one person, provided a website "has the legal means enabling it to identify the visitor with the help 
> of additional information which that visitor’s Internet service provider has." Since this is generally the case in 
> Germany, the court said that dynamic addresses would then be personal data—an important ruling.
>
> Under EU law, the processing of personal data is only lawful if if is necessary "to achieve a legitimate objective 
> pursued by the controller, or by the third party to which the data are transmitted, provided that the interest or the 
> fundamental rights and freedoms of the data subject does not override that objective."
>
> In this case, the CJEU said that the federal German institutions running the websites in question "may have a 
> legitimate interest in ensuring the continued functioning of their websites which goes beyond each specific use of 
> their publicly accessible websites," when protecting their sites against online attacks. They were therefore 
> permitted to store IP addresses for this purpose, whether dynamic or static.
>
> [snip]
>
> Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20161020054830:59584030-96AA-11E6-BF79-B454F010038B
Powered by Listbox: http://www.listbox.com