data it law June 2016: Dynamic IP Addresses as Personal Data or Model Clauses in the EU

An overview of interesting Data & IT Law articles and news from June 2016!


Dynamic IP addresses as Personal Data? The opinion of the EU Advocate General

One of the Advocates General of the Court of Justice of the European Union issued an opinion in which he argued that dynamic IP addresses might be recognized as “personal data”. An article on the Proskauer Privacy blog analysed the opinion in more detail.

“In analyzing the arguments, the AG turned to Recital 26 of the Directive, which states that in order to determine whether or not a person is “identifiable” through certain information, “account should be taken of all the means likely reasonably to be used either by the controller or by any other person to identify the said person.” The AG reasoned that in a situation in which an Internet access provider holds information a service provider needs to identify a person through an IP address, a request for that information would be a reasonable means to identify the user in question (regardless of the fact that German law required a legal basis for such a transfer). Accordingly, a person’s dynamic IP address could render that individual “identifiable,” thereby making a dynamic IP address “personal data” in accordance with the definition set out in the Directive.”

If the Court of Justice agrees with the opinion, stricter restrictions and obligations would apply to everyone who collects or processes dynamic IP addresses.


Trends in data encryption – better to delete than save data?

An interesting article describes new trends in data encryption from a technical perspective.

These trends include:

  • enterprises are looking to own their encryption keys so that even if encrypted data falls into others’ hands, it can’t be decrypted
  • a need for metadata privacy. While encryption protocols such as PGP work well at encrypting message bodies, they don’t usually touch the subject lines or addresses, especially when email is read by HTML-compatible services
  • protecting sensitive data is not the same as providing anonymous communication
  • several corporations are actually deleting their most sensitive data files rather than saving them


Model (or standard contractual) clauses and a possibility to challenge them in the EU

We have recently written about the idea that national data protection authorities might be able to challenge the EU Commission’s adequacy decisions (see the article here).

Ireland’s data protection commissioner had asked Ireland’s High Court to determine the legal status of another alternative method of cross-border data transfers – model clauses. Out-law analysed the situation in its article.

It cited Max Schrems: “All data protection lawyers knew that model contracts were a shaky thing, but it was so far the easiest and quickest solution they came up with. As long as the US does not substantially change its laws I don’t see how there could be a solution”.

Bloomberg BNA quoted data protection senior associate Peter Van Dyck, who said that there was a “quite high likelihood” that the ECJ would invalidate SCCs on similar grounds to the invalidation of Safe Harbor. If SCCs are invalidated, it “probably means that Binding Corporate Rules won’t work either.”


Law in the Future – predictions by scholars

Benjamin Alarie, Anthony Niblett and Albert Yoon from the University of Toronto published an article, “Law in the Future”, on SSRN. The article addresses a popular topic: to what extent technology is capable of changing the law and legal practice.

These changes include:

  • the greater provision of information allows lawmakers to write not just more complete laws, but also better laws. These new laws – called “micro-directives” – will be more circumstance-specific than rules and more precise than standards
  • individuals and corporations will use technology to gain more accurate and more individualized information about how to optimally navigate the legal system.
  • Automation in the legal industry: Over the past decade, law firms have turned to computer programs to analyze lengthy documents, reducing the time and cost of undertaking tasks such as due diligence and discovery. Electronic legal research tools are becoming increasingly accurate and specialized, facilitating faster and more economical legal research. Machine learning technologies and data analytics are being employed to predict how courts will decide particular cases. These technologies analyze not only how the facts of a particular case fit into the legal landscape, but also how individual judges have decided cases in the past and how the legal doctrine has evolved over time. Finally, transaction lawyers are using artificial intelligence programs to negotiate and draft contracts with and for their clients

