|
|
|
|
|
|
by courtneycouch0
2920 days ago
|
|
|
A German court held that IP addresses can be considered personal data for non ISPs. Check Patrick Breyer v. Bundesrepublik Deutschland. Literally a website just logging IP addresses of visitors. You’re making it sound incredibly cut and dry when it’s clearly not and there’s case law on record confirming it’s not so simple. |
|
|
https://curia.europa.eu/jcms/upload/docs/application/pdf/201...
I also looked up some additional explanations.
That case literally does not support the claim you make. The court decided that:
* dynamic IPs can be considered personal info if the entity collecting them has legals means to get additional information related to that IP (these legal means exist in Germany, if the entity believes they are being cyberattacked)
* furthermore, the court noted that this particular law is more restrictive than general EU law (which eventually becomes GDPR, as far as I understand: http://germanitlaw.com/patrick-breyer-v-federal-republic-of-...)
* according to the less restrictive law though, "The operator of a website may have a legitimate interest in storing certain personal data relating to visitors to that website in order to protect itself against cyberattacks"
* and this opened up the question as to which law should be followed in Germany, at least until GDPR comes into play (again, see explanation in http://germanitlaw.com/patrick-breyer-v-federal-republic-of-...)
* note then that: this issue is no longer an issue (since GDPR is in play now) and that GDPR actually allows the collection of dynamic IPs if the entity needs to do this to protect from cyberattack