Patrick Breyer – CJEU Judgment (Germany, 2016)
CJEU precedent (Directive 95/46/EC, pre-GDPR)
This is a Court of Justice judgment predating the GDPR. It interprets Directive 95/46/EC (the Data Protection Directive). It is not a cookie or ePrivacy case and is excluded from cookie statistics and the Risk Calculator.
The Court of Justice ruled on whether storing IP addresses from website visits counts as personal data. They decided that dynamic IP addresses can be personal data if combined with other information to identify a user. This case highlights the importance of how personal data is defined and protected online.
What happened
The Court of Justice decided that dynamic IP addresses can be considered personal data if they can identify a user when combined with other information.
Who was affected
Website visitors whose IP addresses were logged by German Federal Institutions' websites were affected.
What the authority found
The Court of Justice ruled that dynamic IP addresses can be personal data if they can identify a user when combined with other information.
Why this matters
This decision emphasizes the need for website operators to consider IP addresses as personal data under certain conditions. It underscores the importance of protecting user privacy and ensuring compliance with data protection laws.
National Law Articles
Mr. Breyer accessed several websites, which provided topical information, operated by German Federal Institutions which were accessible to the public. To prevent attacks, the sites stored information on all access operations in log files. Information stored include name of the web page, terms entered in the search fields, time of access, quantity of data transferred, an indication of whether the access was successful and the IP address of the computer that accessed the website. Mr. Breyer brought an action before the German Administrative Court seeking an order to restrain the Federal Republic of Germany from storing his access information of his visit to the website. This first action was dismissed. He appealed to the Court of Appeal. The court granted the injunction but only in part. The court ordered the Federal Republic of Germany to refrain from storing or arranging with third parties to store, at the end of each consultation period, information relating to Mr. Breyer's access including his IP address and any information that could result in revealing his identity. The court further stated that a dynamic IP address together with the date on which the website was accessed, where the user had revealed his identity during that consultation period, amounts to personal data since the user’s identity is tied to that particular dynamic IP address. On the other hand, the court observed stated that where Mr Breyer did not reveal his identity and only the internet service provider knew his identity the dynamic IP address doesn’t amount to personal data. Mr Breyer and the Federal Republic of Germany each brought an appeal on a point of law before the Federal Court of Justice, Germany (Bundesgerichtshof). Mr Breyer sought to have his application for an injunction upheld in its entirety while the Federal Republic of Germany sought to have it dismissed. The Federal court stayed the proceedings and referred the following issues to the CJEU. The CJEU answered the following
Outcome
CJEU Judgment
A judgment by the Court of Justice of the European Union, typically on a preliminary reference from a national court.
Related Cases (0)
No other cases found for Patrick Breyer in DE
This is the only recorded case for this entity in this jurisdiction.
Details
Judgment Date
19 October 2016
Authority
Court of Justice of the European Union
GDPRhub ID
gdprhub-cjeu-2962About this data
Cite as: Cookie Fines. Patrick Breyer - Germany (2016). Retrieved from cookiefines.eu
Last updated: