The Protection of Privacy of the IP Address in Slovenia
Abstract
The protection of communication privacy covers not only the content of the conversation, but also other information related to the communication (metadata). The most prominent type of metadata in online communication is IP address, which defines the location of a computer or other connected device in the network. As a purely technical information, an IP address does not refer directly to any individual and is not in itself personal information. Yet, it can also be used to identify individuals online, track their location and online activity. An IP address is never strictly private, since any internet user’s IP address is visible to other participants in regular online interactions, which differentiates it from typical private information. The paper examines the conditions, developed in case law of the European Court of Human Rights and Court of Justice of the European Union as well as the Slovenian courts, under which an IP address can be considered personal data and when it is protected as a part of one’s communication privacy. The paper then focuses on the issue of whether an individual should be considered to have waived the privacy protection of their IP address if they have taken no measures to hide it. The relevance of the distinction between static and dynamic IP addresses from the perspective of privacy protection is also discussed.
References
Brkan, M. (2014) ‘Varstvo osebnih podatkov v spletnem okolju’ in Damjan, M. (ed.) Pravo v informacijski družbi. Ljubljana: GV Založba, pp. 67–88.
Brkan, M. (2019) ‘The essence of the fundamental rights to privacy and data protection: finding the way through the maze of the CJEU’s constitutional reasoning’, German Law Journal, 20(6), pp. 864–883; https://doi.org/10.1017/glj.2019.66.
Bygrave, L.A., Tosoni, L. (2020) ‘Article 4(1). Personal data’ in Kuner, C., Bygrave, L. A., Docksey, C., Drechsler, L. (eds.) The EU General Data Protection Regulation (GDPR): A Commentary. 1st edn. Oxford–New York: Oxford University Press, pp. 103–115; https://doi.org/10.1093/oso/9780198826491.003.0007.
Cerar, M. (2009) ‘Vrednotna izhodišča varstva informacijske zasebnosti’, Podjetje in delo, 35(6–7), pp. 1403–1413.
Daly, M. (2022) ‘Is there an entitlement to anonymity? A European and international analysis’, European Intellectual Property Review, 35(4), pp. 198–211.
El Khouri, A. (2017) ‘Dynamic IP Addresses Can Be Personal Data, Sometimes. A Story of Binary Relations and Schrödinger’s Cat’, European Journal of Risk Regulation, 8(1), pp. 191–197; https://doi.org/10.1017/err.2016.26.
Golobinek, R. (2021) ‘Zadeva Benedik in vprašanje sodne odredbe za podatke o uporabniku naslova IP’, Pravna praksa, 40(47), supl., pp. II–VI.
Hrustek, N. A., Matijašević, N. (2018) ‘Pravica do zasebnosti na svetovnem spletu’, Dignitas, 55/56, pp. 193–204.
Klemenčič, G. (2011) ‘IX. Splošno o komunikacijski zasebnosti’ in Šturm, L. (ed.) Komentar Ustave Republike Slovenije: dopolnitev – A. Kranj: Fakulteta za državne in evropske študije, pp. 519–565.
Kranenborg, H. (2021) ‘Article 8 – Protection of Personal Data’ in Peers, S., Hervey, T., Kenner, J., Ward, A. (eds.) The EU Charter of Fundamental Rights: a commentary. 2nd edn. Oxford–New York–Dublin: Hart Publishing, pp. 231–290; https://doi.org/10.5771/9783748913245-231.
Križnar, P. (2017) ‘IP-naslov za potrebe kazenskega postopka’, Pravna praksa, 36(14), pp. 16–20.
Križnar, P. (2018) ‘Benedik proti Sloveniji’, Pravna praksa, 37(19), pp. 6–8.
Lesjak, B. (2019) ‘37. člen (varstvo tajnosti pisem in drugih občil)’ in Avbelj, M. (ed.) Komentar Ustave Republike Slovenije, 1. De Nova Gorica: Nova univerza, Evropska pravna fakulteta, pp. 356–361.
Lesjak, B. (2022) ‘Zakaj je naslov IP osebni podatek po GDPR’, Pravna praksa, 41(27), pp. 14–15.
Mangan, D. (2021) ‘Article 7 (Private Life, Home and Communications) – Respect for Private and Family Life’ in Peers, S., Hervey, T., Kenner, J., Ward, A. (eds.) The EU Charter of Fundamental Rights: a commentary. 2nd edn. Oxford–New York–Dublin: Hart Publishing, pp. 151–194; https://doi.org/10.5771/9783748913245-151.
Murray, A. (2010) Information Technology Law: The Law and Society. 1st edn. Oxford: Oxford University Press.
Pirc Musar, N. (2018) ‘Benedik v Slovenia: Dynamic IP and Communication Privafcy’, European Data Protection Law Review, 4(4), pp. 554–562; https://doi.org/10.21552/edpl/2018/4/22.
Pirc Musar, N. (ed.) (2020) Komentar Splošne uredbe o varstvu podatkov. 1st edn. Ljubljana: Uradni list RS.
Schabas, W. (2015) The European Convention on Human Rights: a commentary. 1st edn. Oxford: Oxford University Press.
Skubic, Z. (2016) ‘Hramba določenih spletnih osebnih podatkov zaradi obrambe pred kibernetskimi napadi’, Pravna praksa, 35(49–50), p. 47.
Stalla-Bourdillon, S., Knight, A. (2016) ‘Anonymous Data v. Personal Data – False Debate: An EU Perspective on Anonymization, Pseudonymization and Personal Data’, Wisconsin International Law Journal, 34(2), pp. 284–322.
Zagozda, G. (2022) ‘Zakaj naslov IP ne bi smel biti zaščiten podatek po GDPR’, Pravna praksa, 41(8), pp. 10–11.
Zuiderveen Borgesius, F. J. (2017) ‘The Breyer Case of the Court of Justice of the European Union: IP Addresses and the Personal Data Definition’, European Data Protection Law Review, 3(1), pp. 130–137; https://doi.org/10.21552/edpl/2017/1/21.
