The European Court of Justice (ECJ) [official website] ruled [judgment] Wednesday that a website operator is legally permitted to store visitors’ Internet protocol addresses (IP addresses) because they have a legitimate interest in protecting themselves against cyber attacks. Under EU law, personal information can be processed [EU press release] if it is necessary to accomplish a legitimate objective and if it does not override the person’s fundamental freedoms. The ruling is also applicable to some dynamic IP addresses, which are IP addresses that change with every change in Internet connection. The court found that a dynamic IP address is personal data if the website operator is also able to obtain additional information from the visitor through the internet service provider.
Surveillance and data collection have been a worldwide topic of discussion, particularly after Edward Snowden leaked [JURIST report] top-secret US NSA documents in 2013. In December China passed a new anti-terrorism law [JURIST report] that requires technology companies to provide information to the government obtained from their products and make information systems “secure and controllable.” Last October the US Court of Appeals for the Second Circuit denied [JURIST report] a motion by the American Civil Liberties Union to halt the bulk collection of phone records by the NSA. The court ruled that Congress intended for the agency to continue its data collection over the transition period, and the new legislation was to take effect November 29. In August 2015 the US Court of Appeals for the District of Columbia Circuit reversed [JURIST report] a ruling that had blocked the NSA from obtaining call detail records from US citizens. In July 2015, MIT scientists published [JURIST report] a paper criticizing the US and UK governments for seeking the redesign of Internet systems to allow governments to access information even if encrypted.