back to article German data regulators move to tighten IP address laws

Passing along IP addresses of web visitors to a third party without their permission could become illegal in Germany. According to the Frankfurter Allgemeine Zeitung, data protection authorities in Lower Saxony have already targeted sites who depend on IP addresses for online advertising. The Lower Saxony authorities recently …


This topic is closed for new posts.
  1. John Smith 19 Gold badge
    Thumb Up

    Good but will it change matters?

    Or will they go with the ever weaselily "T&C apply" where conditions include "Transfer everything we know to someone else."

    It's *very* sad that it seems that only a country that has *experienced* what a massive betrayal of personal data entrusted to their government has *any* recognition of what can happen.

    1. lglethal Silver badge

      Didnt read the article clearly did you?

      It says that "Informing web visitors that the information will be transmitted is not adequate.". Therefore sticking it in the T&C's is not good enough. You need to have people specifically state they are happy with the transfer before it can happen.

      God i love living in germany now! The only western democracy who are increasing peoples privacy rather then doing all they can to take it away!

    2. Daniel B.

      Oh the irony!

      The post-WW2 Germany has been very picky about user privacy; even more after the German Reunification as their former DDR brethren had to suffer the Stasi for much, much longer than the Nazi regime. I remember watching a documentary on privacy issues back in 1998, where they showed a pic of one guy who had been caught by an ANPR-ish speed camera speeding ... but the pic only showed him and not his passenger (it was his wife).

      Looks like they haven't given in to the Facebook/Google data grab. Good for them!

  2. Anonymous Coward
    Anonymous Coward

    And what about data retention?

    Is the government extraspecial or something? What guarantees do we have we can trust them, as opposed to having to trust them because they give us no choice? Quis custodiet etc.

  3. Benny


    If the address was dynamic, then doenst it still 'belong' to the ISP?

    1. Dave Bell
      Big Brother

      IP Addresses and privacy

      An IP address is a lot like a telephone number: part of the necessary working of the service, not always linkable to an individual, and yet the key to gathering a lot of information about an individual. We have laws and regulations covering the use of telephone numbers, and doing the same for IP address is justifiable. Of course, the technical differences do matter, and it's not going to stop the equivalent of the call centre in India.

      What worries me is how IPv6 will change things. Dynamic IP was the easy answer for banks of dial-up modems, NAT staved off the effects of the limited number of IPv4 addresses. Both make IP address less definitely individual. IPv6 is going to shift that balance, and we need laws that will take account of the changes. I rather think an IPv6 address will be unique to a particular computer, rather than merely to an incoming 'phone line, or to the router that handles a connection for a whole business.

  4. Mike Shepherd
    Thumb Up


    It's not about what belongs to whom. It's about putting together information (from whatever sources) to draw conclusions on matters proscribed by Data Protection laws.

    Even if you visit most sites anonymously, it's very useful to Google if they see the same IP address (dynamic or not) a few seconds or minutes apart.on two or more different sites. It allows them to draw likely conclusions which will soon connect your buying habits, your e-mail address, your taste in pornography etc.

    Of course, you'd hear arguments like "Well, we didn't know for absolute certain sure, your honour. it could have been someone re-using the same IP address 30s later" or "It could have been a proxy", But the information needn't be 100% accurate to gain enormous advantage from it (and to cause a great deal of trouble).

    A couple of weeks ago, I searched idly for information on laser toner prices, because I knew i'd need a new cartridge in the next couple of months. My next visit to YouTube (not linked explicitly to a Google account) was accompanied by adverts for laser toner. Even at its most innocent, it's like being dogged at every turn by pestering salespeople. Go, Germany!

    1. Wensleydale Cheese

      Data centre solutions adverts on the Sun newspaper website for me

      @Mike Shepherd:

      I recently followed a link someone sent me to an article in the Sun and was amazed to see adverts for data centre solutions. No Google account involved. This was on a shared PC at work, not "my PC". I had indeed spent the previous day or two looking at high end backup and recovery solutions. Since then I have used NoScript for general surfing and that seems to have helped.

  5. jake Silver badge



    google's entire IP-space has been shunned here for several years ... hasn't affected my so-called "internet experience", near as I can tell. Try it. You might like it.

  6. Wensleydale Cheese

    Define "dynamic" - Long lasting dynamic here

    My home broadband IP is dynamic, but in practice it only changes if I switch everything off for several days or the ISP implements an infrastructure change. I've been on the current IP for over a year now.

  7. david 63

    Face it..

    ...the companies providing free stuff are not charities.

    How long would El Reg stay free if it didn't serve up ads. Just turned ABP off and today it is Sage, the last time I looked it was Dell and HP.

    If you really don't want your IP known you can always browse through a proxy. But make sure the owner of the proxy has some integrity, which might mean paying for it.

    And let's face it if the hosting web site aren't allowed to send the IP all Google, Amazon and whoever else want to get the IP address all they have to do is provide content into an iframe. Then they get the requesting IP direct from the request. Which makes the judgement a waste of time and effort.

    I expect downvotes for this but the freetards need to get real. The few quid a month you pay your ISP is not supporting the infrastructure that is delivering your content. Someone somewhere needs to generate revenue. If that is by divulging a non-secret so you get advertising based on your browsing habits I think it's a small price to pay.

    1. Charlie Clark Silver badge

      Missing the point

      The case is not about how to pay for services but about data protection and privacy. The implications of unnecessarily divulging personal information go way beyond bits or targeted advertising and the potential for abuse should really scare the shit out of any sane person.

      Frames are only a partial solution and just as easily covered by the same legislation. Targeted adverts can make sense and can be done safely but anonymously. The advertising industry should concentrate on providing working implementations of it.

    2. david 63

      Only one dissenter...

      ...I'm slipping.

  8. BristolBachelor Gold badge

    Won't necessarily work

    Any website will just need to have a button that says "This web page needs to store your IP address to work properly. This may also be passed on to other companies to improve your internet experience".

    It's a bit like EULAs, cookies and flash. You either say you agree because you have no choice, or you go "somewhere else"*

    *Note "somewhere else" doesn't exist when everyone does it.

    1. Charlie Clark Silver badge
      Thumb Down

      Not sufficient

      Explicit permission requires a bit more than a button and "clickthrough EULAs" are not legally binding in Germany.

      Regarding cookies the EU directive clearly states that they may only be used when essential for providing technical services. The German data protection body, known as the "Düsseldorfer Circle", are currently mulling over the necessary changes to the Telemediengesetz.

  9. Anonymous Coward
    Anonymous Coward

    Hope this gets

    EU sanction, then perhaps it will stop all the stuff sent to third parties while you are logged on to your bank (yep it happens and the bank will not tell you whats sent only its ok with the ICO)

    Dont believe me, try wireshark

  10. Pablo

    Fine points of the law...

    So I'm curious. If I embed an ad in my page, and the ad itself is hosted by an advertising network, that means the user's browser will have to fetch it from there, thus revealing it's IP address. Would that be a violation of this law?

    Because if so, I would have to host all the ads myself, coordinate that with the people you're paying for them and somehow convince them to trust me that their ad is really being displayed to as many people as I say. That sounds almost completely unworkable, especially for smaller websites.

    On the other hand, if that *doesn't* count as sharing user IPs with advertisers, the law is basically worthless, since the end result is the same.

  11. heyrick Silver badge


    So if Germany implements this law, what effect would this really have? Surely it will just stop German sites from cluttering up with klingeltöne adverts and such, but what about when a German national visits a British site (El Reg), an American site, a Chinese site... what hope is there for German jurisdiction to mean diddly-squat in an international context?

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022