The Federal Court of Justice (BGH) confirms dynamic IP addresses of website visitors to be personal data protected by law. This is made clear by the highest German court in a judgment today.
We have a problem here in Europe, Germany especially. Our data protection law is very strict. We need to be careful what we do with personal data we collect. When you visit a website, the website knows your IP-address. Per European Court judgement in 2011 your IP-address is personal data. Your mail-address, name, gender and phone number is too, obviously.
Lawyers were quick to respond to that because if the unwary website owner had Google Analytics running, which plenty had, it was suddenly illegal to transfer IPs to Google without consent of the user. Google responded with an anonymize-IP-feature for Analytics.
Court of Justice of the European Union | Luxembourg, 6 October 2015
The Court of Justice of the European Union has declared a decision as invalid that had made the U.S. a Safe Harbor for European Data. This basically means that Europe is not legally allowed to transfer personal data to the U.S.
But this is just the tip of the iceberg when you think about it. Whenever you embed a video, implement Disqus to a website or even utilize an online advertising network: you promote your user’s IP to god-knows-where. And if you use a newsletter service like MailChimp, ActiveCampaign etc. you provide even name and email to a third party.
Now, to make transatlantic transfer of personal data legal again the U.S. Department of Commerce and a European Commission have instituted a self-certification framework called Privacy Shield. And Trump pees on the whole thing.
This is quite bad as Google’s G Suite proudly announced more than 3 million business customers lately. European businesses would be well advised to shun this U.S. and cloud based office solution for now, or any other non-GDPR-compliant offshore business service mentioned by Cloudwards. On the other hand, Germany has caved in to Google before.