Jun 18, 2021

Storing IP addresses assigned to users?

From CASE OF BIG BROTHER WATCH AND OTHERS v. THE UNITED KINGDOM


 240.  However, in La Quadrature du Net and Others the CJEU confirmed that while the Directive on privacy and electronic communications, read in light of the Charter, precluded legislative measures which provided for the general and indiscriminate retention of traffic and location data, where a Member State was facing a serious threat to national security that proved to be genuine and present or foreseeable, it did not preclude legislative measures requiring service providers to retain, generally and indiscriminately, traffic and location data for a period limited to what was strictly necessary, but which could be extended if the threat persisted. 

For the purposes of combating serious crime and preventing serious threats to public security, a Member State could also provide  if it was limited in time to what was strictly necessary  for the targeted retention of traffic and location data, on the basis of objective and non-discriminatory factors according to the categories of person concerned or using a geographical criterion, or of IP addresses assigned to the source of an Internet connection. 

It was also open to a Member State to carry out a general and indiscriminate retention of data relating to the civil identity of users of means of electronic communication, without the retention being subject to a specific time limit.


http://hudoc.echr.coe.int/eng?i=001-210077