Breyer case of the Court of Justice of the European Union: IP addresses and the personal data definition

TL;DR

The paper analyzes the CJEU's Breyer case, clarifying when dynamic IP addresses are considered personal data based on the publisher's ability to identify visitors through legal means.

Contribution

It provides an interpretation of the Court's ruling, emphasizing the conditions under which IP addresses are classified as personal data in EU law.

Findings

IP addresses are personal data if publishers can identify visitors via legal means.

The Court's decision clarifies the scope of personal data in digital contexts.

Legal access to additional information determines personal data status.

Abstract

The Breyer case of the Court of Justice of the European Union (CJEU) primarily concerns the question whether a website visitor's dynamic IP address constitutes personal data for a website publisher, when another party (an internet access provider) can tie a name to that IP address. In essence, the Court finds that an IP address constitutes personal data for the website publisher, if that publisher has the legal means to obtain, from the visitor's internet access provider, additional information that enables the publisher to identify that visitor. In this case note, I summarise the facts and the judgment, and add a few comments.