Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
EU Privacy Your Rights Online

Your Dynamic IP Address Is Now Protected Personal Data Under EU Law (arstechnica.co.uk) 38

Europe's top court has ruled that dynamic IP addresses can constitute "personal data," just like static IP addresses, affording them some protection under EU law against being collected and stored by websites. ArsTechnica UK adds: But the Court of Justice of the European Union (CJEU) also said in its judgment on Wednesday that one legitimate reason for a site operator to store them is "to protect itself against cyberattacks." The case was referred to the CJEU by the German Federal Court of Justice, after an action brought by German Pirate Party politician Patrick Breyer. He asked the courts to grant an injunction to prevent websites that he consults, run by federal German bodies, from collecting and storing his dynamic IP addresses. Breyer's fear is that doing so would allow the German authorities to build up a picture of his interests. Site operators argue that they need to store the data in order to prevent "cybernetic attacks and make it possible to bring criminal proceedings" against those responsible, the CJEU said.
This discussion has been archived. No new comments can be posted.

Your Dynamic IP Address Is Now Protected Personal Data Under EU Law

Comments Filter:
  • Well, it looks like practically every default logger for Apache/Nginx/etc. can be considered NSA spyware according to this edict.

    That means you too, Slashdot.

  • Reasonable (Score:5, Interesting)

    by ADRA ( 37398 ) on Wednesday October 19, 2016 @02:02PM (#53109409)

    It is 'reasonable' that your IP address is considered personal information 'offered' to the web sites in question.

    What this law 'should' mean (I can't speak for the wording specifically) is that a site's owner should treat a user's data as privileged, meaning it isn't handed out to others without reasonable justification. Law enforcement should still be able to subpoena these records as they probably have been able to in the past. My hope is that the law makes it harder for 'non-subpoena' requests for a given user's IP address harder to obtain since it would now be a privacy violation to disclose it.

    That's all fine, but as the blow-back illustrates, just because an IP address makes a physical connection with a service you're hosting, it doesn't mean that said service is in any way being transmitted by the person in question. DOS attacks happen all over the place, and unless you have services which share information about these attack vectors, its significantly harder to track and get take-downs of the offenders (maybe I'm being too optimistic..).

    Maybe the best trade-off is when an IP address is logically tied to further information from the site (site profile, name, email, etc..). If so, the information is considered 'personal information' while a random drive-by DOS is just considered infrastructure data.

    • by Anonymous Coward

      Seeing as how we're headed towards worldwide adoption of SSL as a standard it's reasonable to assume that everything will be considered private soon. IP addresses are not "an offering", they are required in the handshake process for communication. In my opinion the protocol determines whether a connection can be assumed private or not. HTTP no, HTTPS yes. That's why there's such a huge push for everything to be HTTPS now. It's a good thing for everyone. NSA can't scoop up tons of public traffic anymor

  • What about ISP that use NAT? In this case many users have the same ip address. Public WiFi hotspots usually have one ip address in Internet for its clients. I don't think that site owner can easy get information about persons that used some IPs from ISP, when users didn't some bad things.
  • 192.168.0.3 (Score:5, Funny)

    by jfdavis668 ( 1414919 ) on Wednesday October 19, 2016 @03:45PM (#53110025)
    Sorry, you can't store it, it's personal protected data!
    • If that's the address you connect to someone's website with, they don't need to store it because you aren't getting any connections to start with.

      Are you confusing dynamic IP addresses with private netblocks?

    • Well, mine is 127.0.0.1, hack that all you horrible internet hackers!

  • ... was the property of my ISP.

    Sort of like how my physical street address is property of the municipality, my phone number is property of the phone company... etc.

    I do not own any of the information that could potentially be used to track me down unless I can live entirely independently of using property that belongs to other people.

    • > I thought my IP address was the property of my ISP.

      It is explicitly NOT. The agreement an ISP signs to get numbers includes these terms:
      --
      Legacy Holder acknowledges and agrees that: (a) the number resources are not property (real, personal, or intellectual) of Legacy Holder; (b) Legacy Holder does not and will not have or acquire any property rights in or to any number resources for any reason
      ---

      See also:
      https://www.arin.net/policy/nr... [arin.net]

      The most important practical implication of that fact is that ARIN

      • by mark-t ( 151149 )
        Phone numbers are only as portable as the phone companies that govern them allow them to be. If you have a land line, try moving to another city in the same area code and see if they let you keep the same phone number.
        • by Luthair ( 847766 )
          I believe that was part of the regulation, and in general it makes sense for routing reasons.

Where there's a will, there's an Inheritance Tax.

Working...