Dynamic IP addresses can be personal data – Advocate General Opines

The question of the extent to which privacy rights have a practical purchase in the online world is very much in the news this week (see below my post on this topic earlier today). An important aspect of this issue is the extent to which individuals are positively identifiable as and when they operate within the online environment. If they are not identifiable then, certainly from a data protection perspective, it cannot be said that their data privacy rights are engaged. This identifiability issue was itself central to the Court of Appeal’s analysis in the case of Vidal-Hall v Google. There the issue was whether the tracking data which Google amassed in respect of the online browsing habits of Google users amounted to personal data, so as to engage data protection legislation. The Court of Appeal had no difficulty in concluding that there was at the very least a serious issue to be tried on this question.

But what about dynamic IP addresses are they also sufficiently identifying to amount to personal data? This is the issue which is currently before the Court of Justice of the European Union in the case of Breyer Case C582/14. Importantly, the Advocate General has now given his opinion on the issue, concluding that dynamic IP addresses can indeed constitute personal data (see here). This is an important development, not least because it reaffirms the fact that the clear direction of travel within Europe is firmly in favour of putting data privacy rights centre stage within the online environment.

Finally, it is worth noting that 11KBW’s Tim Pitt-Payne QC and Robin Hopkins have recently been engaged in battle on a very similar issue before the UK’s information tribunal – see here.

Anya Proops QC