sjb007

A German court has ruled that website operators are allowed to store the internet protocol (IP) addresses of their visitors without violating data protection legislation. Without additional information, IP addresses do not count as personal data, it said.

The issue has never been tested in a UK court but the view of the German court is consistent with guidance (pdf) published last year by the UK's Information Commissioner.

Search engine companies and other web publishing operations store IP addresses in a bid to identify users and their usage patterns. Privacy activists have argued that IP addresses should count as personal data under data protection legislation. Publishers have claimed that while IP addresses can be personal data, they are not always necessarily so.

In a provisional ruling, the district court of Munich has said that when stored by an internet publisher, IP addresses are not personal data under the country's Privacy Act because the information cannot be easily used to determine a person's identity.

The ruling said that an internet service provider (ISP) could not tell a third party who was using a particular IP address at a particular time without a legal basis. ISPs generally do not give out such information except when ordered to do so by a court.

The only other way for a person's identity to be determined by the IP address would be for the information to be transferred to a third party illegally, the court said.

Full article here - http://www.theregister.co.uk/2008/10...l_data_ruling/