Wie können wir Ihnen weiterhelfen?

+49 (0) 221 / 97 31 43 - 0

Sie brauchen rechtliche Beratung? Dann rufen Sie uns an für eine unverbindliche und kostenlose Ersteinschätzung. Bundesweit!


Gerne können Sie uns Ihr rechtliches Anliegen per E-Mail schildern. Sie erhalten zeitnah eine unverbindliche und kostenlose Ersteinschätzung von uns.
You are here: Start / Legal News

Are dynamic IP-addresses to be considered personalised data?

The Federal Court requested on October 28, 2014 the European Supreme Court to give a ruling on the question whether dynamic IP addresses are personalised data according to the data protection law (Case No. VI ZR 135/13).

In this dispute, the plaintiff objects to the idea that the Federal Republic of Germany saves all the IP addresses of the visitors of the websites. An IP address is a sequence of numbers that are assigned to a certain device (cloud-storage, server) and thus there are available for other devices (computer, smartphone, and tablet). Telecommunication provider assigns to internet connections utilised by private users an IP address. Usually the provider use dynamic IP addresses. By using dynamic IP addresses the telecommunication provider does not assign the same IP address to the respective connection.

According to the applicant the dynamic IP address can be considered a personalised data. The legal basis is currently lacking as far as the storage of IP addresses is concerned. In the opinion of the applicant the BRD should cancel the dynamic IP addresses after someone visited a webpage and should not be allowed to save them. That is why he sued for an injunction.

It is possible to apply for an injunction according to § 12 paragraph 1 and paragraph 3 TMG (telemedia law) if a dynamic IP address can be classified as personalised data. Personalised data are according to § 3 paragraph 1 BDSG (German Federal Data Protection Act) particulars about personnel or material circumstances of a specified or specifiable natural person. This is clearly a point of controversy among experts. No IP address allows for conclusions regarding a natural person, because the IP address is a number of sequences assigned to a computer connected to Internet. In addition to the IP address we need to have complementary knowledge from a third party to identify the owner of the connection and to establish an indirect reference to a person. The network operator, thanks to the stored connection details, can find out to whom was assigned a certain IP address in a particular moment. Thus it is possible to find out the owner of the connection but the user of the data (in this case the BRD) cannot provide a direct link to any person.

The Federal Court in this dispute did not come to a final decision, suspended the procedure and requested the European Court to rule hereon. According to article 267 paragraph. 1 lit. b) AEUV this case did fall within the jurisdiction of the EU. The interpretation of the issue whether an IP address is to be considered a personalised data is of European relevance, because the scheme in question according to the German Federal Data Protection Act (§ 3 para. 1 BDSG) is based on an EC Directive (RL 95/46/EG). The German legislator has literally copied the wording as in article 2 lit. a) RL 95/46/EG. According to article 267 paragraph 3 AEUV, the Federal Supreme Court was therefore obliged to submit to the European Supreme Court the ruling on the question of interpretation, before it could come to a decision on the specific case.