CJEU Rules Websites May Have Legitimate Interest in Storing User Data to Protect Against Cyberattacks (October 19, 2016) [1]
On October 19, 2016, the Court of Justice of the European Union ruled [3] in Breyer v. Bundesrepublik Deutschland that website operators may have legitimate interests in maintaining records of the internet protocol addresses (IP addresses) of digital visitors to their sites. According to the press release [4], the plaintiff brought an action seeking an injunction against the German government websites on which he consults as a contractor that would prevent them for storing his IP address. The Court ruled that “according to EU law, the processing of personal data is lawful, inter alia, if it is necessary to achieve a legitimate objective pursued by the controller.” The websites stored IP addresses to cross-reference with the relevant internet service provider in the case of a cyberattack so that charges could be appropriately filed. The Court ruled that the German government “may have a legitimate interest in ensuring the continued functioning of their websites,” and thus that their action was permissible under EU law.