Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Websites can store IP addresses to prevent cyber attacks

Reprints
Websites can store IP addresses to prevent cyber attacks


(Reuters) — Website owners are free to store users' internet addresses to prevent cyber attacks, the European Union's top court said on Wednesday, rejecting a claim from a German privacy activist who sought to stop the practice.

Patrick Breyer, a member of Germany's Pirate Party, had sought to stop the German government registering and storing his internet protocol, or IP, address when he visited its web pages, arguing that citizens should have a right to surf the web anonymously.

Website owners routinely store users' IP addresses to provide customized features, enable or disable access to content or to blacklist IP addresses involved in "denial of service" attacks against a website.

German law prevents website owners from keeping users' data indefinitely unless the data is required for billing purposes, but the Luxembourg-based Court of Justice of the European Union ruled on Wednesday that the prevention of cyber crime is a legitimate reason to store such data without users' consent.

"Internet companies will still follow us around the web, collect information about our private interests and pass this information on," Mr. Breyer said in response to the ruling. "Now the E.U. has to close this unacceptable loophole in data privacy laws as quickly as possible."

Joerg Hladjk, leader of the Brussels cyber security, privacy and data protection practice at law firm Jones Day, said the ECJ ruling was an important decision that expanded the "scenarios under which data can be retained without the user's consent beyond what is allowed under German law."