KARLSRUHE, Germany (Reuters) - Germany’s Federal Court ruled on Tuesday that websites operated by the government are generally allowed to save users’ internet addresses but must provide reasons why doing so is necessary to help the sites guard against online attacks.
Website owners routinely store users’ Internet Protocol (IP) addresses, which can be used to locate a user’s computer, so that when cyber attacks happen criminal investigators can use such data as a means to help them figure out who the user is.
The court returned to a lower court in Berlin a complaint by Patrick Breyer, a member of the Pirate Party, who had sought to stop the government practice of registering and storing his computer’s internet address when he visited its web pages.
Breyer and the government had both appealed against a previous ruling from the lower court in Berlin, which said saving IP addresses was only possible in exceptional circumstances. The court in Berlin subsequently referred the case to the Federal Court.
The Federal Court stressed the importance of the crime deterrence effect of its ruling.
The Berlin court must now decide whether saving the data is necessary and proportionate in terms of balancing security and privacy rights.
In October, the Luxembourg-based Court of Justice of the European Union rejected Breyer’s claim, saying website owners are free to store users’ internet addresses to prevent cyber attacks.
Laws passed last year in Britain and France give police sweeping new powers to require web service providers, including internet cafes, to track what websites online users visit, how long they stay, and computer-specific details of each user.
Reporting by Ursula Knapp; Writing by Michelle Martin; Editing by Eric Auchard