Lycos Germany to No Longer Store IP Data

quaker5567 writes "The Register is carrying the story that Lycos Germany says it will no longer store dynamic IP addresses of its customers. According to the German Tele Services Data Protection and Telecommunications Act, ISPs are only allowed to store communications data for accounting purposes. Apparently, there is no requirement for German ISPs to keep a record of IP addresses. A decision by German ISPs not to keep logs on IP addresses would be extremely controversial as the entertainment industry is increasingly demanding that ISPs disclose the names of suspected file sharers."

Incase if gets slashdotted

Lycos DSL in Germany says it will no longer store dynamic IP addresses of its customers, now that a specialist on data privacy laws from Frankfurt University has threatened to sue the company.

Jonas Breyer had asked Lycos what data was kept on him and whether that information was shared with backbone providers, but the ISP refused to co-operate. Probably to avoid further law suits, Lycos has now decided to ditch IP storage altogether.

Deutsche Telekom tentacle T-Online faces similar threats from German subscriber Holger Voss, who this week in court argued that dynamic IP addresses are irrelevant for book keeping and shouldn't be stored. According to the German Tele Services Data Protection and Telecommunications Act, ISPs are only allowed to store communications data for accounting purposes. Apparently, there is no requirement for German ISPs to keep a record of IP addresses.

A decision by German ISPs not to keep logs on IP addresses would be extremely controversial as the entertainment industry is increasingly demanding from ISPs to disclose the names of suspected file sharers. Courts in both Germany and Canada have recently denied the entertainment industry the right to subpoena the identities of file-sharers. Of course, as most broadband providers use fixed IP addresses for their customers, an audit trail would still be able to reveal their identity. ®
Related stories

Court rules for German ISPs in P2P identities case
German ISP told to cough up customer's details
German court protects P2P ne'er-do-well

Re:Options

[skarphace]

Not a good point. Working for a financial services company, I know it is required for them to keep their email around. Research the Sarbanes-Oxley act. That is law. Keeping IP addressis logged is not.

Re:Options

[rawb]

Morgan Stanley *IS* guilty because email now qualifies as memo's did in the past. All paperwork within a corporation must be kept for records and potential audits by the SEC.

There is no such rule regarding the internet and it's users' IP addresses... at least not yet.

Re:Options

[timmarhy]

ip logging and the S&M case are a completely diffferent context. S&M were in the middle of a court case and these emails suddenly disappeared. logging ip's is assuming all your customers are breaking the law. i know i'm not going to stand for my isp treating me like a criminal.

"no requirement to keep a record"

[anno1602]

Apparently, there is no requirement for German ISPs to keep a record of IP addresses

There is not only no requirement to keep the data, the ISPs (and everybody else) are prohibited to keep personal data (which includes anything that might identify an individual) unless immediately required for conducting their business or explicitely allowed by the customer. In other words, people are suing because the providers are not complying to German Datenschutz (data protection) laws.

Re:This is complying with German law, FWIH

[vidarh]

Not storing information that can directly identify a person unless there is a well defined business need for it is the general rule in all EU/EEA countries, not something exceptional for Germany. The only thing that differs between the countries is how strictly it is being enforced.

In other words I would not be surprised to see this extend in some form or other to ISP's in other parts of Europe as well.

How would it be controversial?

[rfc1394]

If you don't store information you can't be subpoenaed for it. And you can't compromise information you don't keep. People can't perform identity theft or harm your customers by stealing information from you if you don't keep the information in the first place. And the government can't turn you into an informant collecting information for them if you have no information to collect.

How is it controversial to treat customers with respect by not recording information not absolutely necessary to provide service to them? When I go into Office Depot, I can buy supplies, pay cash and leave. They don't ask me my address, my religion or my political opinions; all they care about is that my money is the right color, as it should be. Other business should consider doing the same thing: If you don't need the information in order to provide the product or service, don't ask for it. If you don't need to retain the information once the product or service is provided, don't keep it.

I have run my businesses that way for years; it saves a lot of paperwork hassles. Too many businesses see additional information collected from customers as a business asset they can sell. Which turns it into more data that can be prostituted into use for other purposes, not all of them good. Correction, most of them definitely bad.