Slashdot Mirror

← Back to Stories (view on slashdot.org)

Your Dynamic IP Address Is Now Protected Personal Data Under EU Law (arstechnica.co.uk)

Posted by msmash on from the complex-tech dept.

Europe's top court has ruled that dynamic IP addresses can constitute "personal data," just like static IP addresses, affording them some protection under EU law against being collected and stored by websites. ArsTechnica UK adds: But the Court of Justice of the European Union (CJEU) also said in its judgment on Wednesday that one legitimate reason for a site operator to store them is "to protect itself against cyberattacks." The case was referred to the CJEU by the German Federal Court of Justice, after an action brought by German Pirate Party politician Patrick Breyer. He asked the courts to grant an injunction to prevent websites that he consults, run by federal German bodies, from collecting and storing his dynamic IP addresses. Breyer's fear is that doing so would allow the German authorities to build up a picture of his interests. Site operators argue that they need to store the data in order to prevent "cybernetic attacks and make it possible to bring criminal proceedings" against those responsible, the CJEU said.

24 of 38 comments (clear)

  1. Re:Sorry, What? by Calydor · · Score: 1

    Oh, so it isn't just because English is not my native language that I think of cybernetics purely in the context of cyborgs, androids and the like?

    --
    -=This sig has nothing to do with my comment. Move along now=-
  2. Reasonable by ADRA · · Score: 5, Interesting

    It is 'reasonable' that your IP address is considered personal information 'offered' to the web sites in question.

    What this law 'should' mean (I can't speak for the wording specifically) is that a site's owner should treat a user's data as privileged, meaning it isn't handed out to others without reasonable justification. Law enforcement should still be able to subpoena these records as they probably have been able to in the past. My hope is that the law makes it harder for 'non-subpoena' requests for a given user's IP address harder to obtain since it would now be a privacy violation to disclose it.

    That's all fine, but as the blow-back illustrates, just because an IP address makes a physical connection with a service you're hosting, it doesn't mean that said service is in any way being transmitted by the person in question. DOS attacks happen all over the place, and unless you have services which share information about these attack vectors, its significantly harder to track and get take-downs of the offenders (maybe I'm being too optimistic..).

    Maybe the best trade-off is when an IP address is logically tied to further information from the site (site profile, name, email, etc..). If so, the information is considered 'personal information' while a random drive-by DOS is just considered infrastructure data.

    --
    Bye!
    1. Re:Reasonable by Anonymous Coward · · Score: 1

      Seeing as how we're headed towards worldwide adoption of SSL as a standard it's reasonable to assume that everything will be considered private soon. IP addresses are not "an offering", they are required in the handshake process for communication. In my opinion the protocol determines whether a connection can be assumed private or not. HTTP no, HTTPS yes. That's why there's such a huge push for everything to be HTTPS now. It's a good thing for everyone. NSA can't scoop up tons of public traffic anymore, they have to target individuals like they were always required to; with a search warrant by a judge. Rubber stamping every single request for ad hoc mass surveillance is obviously illegal and far too close to big brother 1984 East Germany whatever. HTTPS is a good way to get things back on the right track. It will keep intelligence agencies honest to a degree. It's what the people want and deserve... or at least the illusion of it.

  3. Re:Sorry, What? by Anonymous Coward · · Score: 1

    Attacks by the Cybermen, but the Doctor will protect us.

  4. Re:Sorry, What? by EtCeteralodz · · Score: 1

    I do not know

    --
    Projektowanie stron internetowych, pozycjonowanie - hosting WWW
  5. Re:first post! by Impy+the+Impiuos+Imp · · Score: 1

    He might have made a first post years ago if he had tried instead of waiting 10 years first.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  6. Re:first post! by bluelip · · Score: 1

    I've been waiting at least that long for Natalie Portman, hold the hot grits.

    --

    Yep, I never spell check.
    More incorrect spellings can be found he
  7. Re:Ridiculous by MooseTick · · Score: 1

    "an IP Address is like a physical address on a house: it does not identify a person"

    Would you be ok with any business giving away your home address however they saw fit?

    --
    Ninjas don't carry tic tacs
  8. Re:Ridiculous by Ash-Fox · · Score: 1

    Would you be ok with any business giving away your home address however they saw fit?

    Already happens with the junk mail I get addressed to me and the fact my name and address are public record for company filings and whois records.

    I don't see why anyone else should be exempt if I'm not.

    --
    Change is certain; progress is not obligatory.
  9. NAT by Karrham · · Score: 1

    What about ISP that use NAT? In this case many users have the same ip address. Public WiFi hotspots usually have one ip address in Internet for its clients. I don't think that site owner can easy get information about persons that used some IPs from ISP, when users didn't some bad things.

  10. Re:first post! by Oswald+McWeany · · Score: 1

    I could only wait for about 2 minutes... ... Sorry Natalie!

    --
    "That's the way to do it" - Punch
  11. Re:I can see your IP! by Oswald+McWeany · · Score: 1

    Yeah, well I can see UP!

    --
    "That's the way to do it" - Punch
  12. Public or private? by unixisc · · Score: 1

    The ruling is somewhat laughable depending on what sort of dynamic address we are talking about here. If it is an address from RFC1918 - something like 192.168.7.11, then it's really silly, given that it's the address of any number of people in that number of separate networks. If it's a public /128 IPv6 address, I see the point - although given that a subscriber would usually get at least a /64, question that would arise - why not protect that entire /64 subnet?

  13. Re:Ridiculous by truedfx · · Score: 2

    I'm the only one living in my house and I have a static IP address. Both my physical address and my IP address do identify me. You cannot know just by looking at them whether they identify a person, and that by itself should already be reason enough to treat them as potential personal data. That said, you're being inconsistent. Date of birth does not identify a person. Date of birth in combination with other facts may. Party affiliation does not identify a person. Party affiliation in combination with other facts may. A physical address does not necessarily identify a person. That same address in combination with other facts may. An IP address does not necessarily identify a person. That same address in combination with other facts may.

  14. 192.168.0.3 by jfdavis668 · · Score: 4, Funny

    Sorry, you can't store it, it's personal protected data!

    1. Re:192.168.0.3 by Obfuscant · · Score: 1
      If that's the address you connect to someone's website with, they don't need to store it because you aren't getting any connections to start with.

      Are you confusing dynamic IP addresses with private netblocks?

    2. Re:192.168.0.3 by Coren22 · · Score: 1

      Well, mine is 127.0.0.1, hack that all you horrible internet hackers!

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  15. No to IP address, phone number by raymorris · · Score: 1

    > I thought my IP address was the property of my ISP.

    It is explicitly NOT. The agreement an ISP signs to get numbers includes these terms:
    --
    Legacy Holder acknowledges and agrees that: (a) the number resources are not property (real, personal, or intellectual) of Legacy Holder; (b) Legacy Holder does not and will not have or acquire any property rights in or to any number resources for any reason
    ---

    See also:
    https://www.arin.net/policy/nr...

    The most important practical implication of that fact is that ARIN can, under the contract, revoke IP assignments from ISPs that aren't actively using them.

    > my phone number is property of the phone company

    Two words: Number Portability.

    1. Re:No to IP address, phone number by mark-t · · Score: 1

      Phone numbers are only as portable as the phone companies that govern them allow them to be. If you have a land line, try moving to another city in the same area code and see if they let you keep the same phone number.

      --
      File under 'M' for 'Manic ranting'
    2. Re:No to IP address, phone number by Luthair · · Score: 1

      I believe that was part of the regulation, and in general it makes sense for routing reasons.

  16. Re:first post! by alisande · · Score: 1

    and yet gone so fast.

    ps - probably my first post in over 10 years; actually had to re-create my old yahoo account to get the password... HA!

  17. Re:I can see your IP! by Luthair · · Score: 1

    The issue is that the IP address is trackable.

  18. Re:first post! by aliquis · · Score: 1

    I've been waiting at least that long for Natalie Portman, hold the hot grits.

    I guess this isn't the time to say "fuck her" but I would had taken and waited for Alizee instead. However I had missed she had become single and I thought she had more children (but that was Jolie) and now she's found someone new again.

    It's such BS. Alizee, you know I deserved you when you were young and hot, it should had been us, but chances by now I can't do better so you may still have a chance! ;D

  19. Re:first post! by KingBenny · · Score: 1

    I didnt quite see the legal text. Does this mean its officially forbidden for anyone and any server anywhere getting EU traffic to keep logs ?
    thats probably a good thing then but how do i turn it off ? this /var/log/ thing ? it just keeps coming faster than i can delete it ?

    --
    Free speech was meant to be free for all... how can anyone grow up in a nanny state ?