Dive Brief:

• The EU’s top court on Wednesday gave website owners a green light to store users’ internet addresses indefinitely in order to thwart cyberattacks.
• The Court of Justice of the European Union said the prevention of cybercrime is a reasonable reason for website owners to store such data without a users' consent.
• The ruling came following the request by a member of Germany’s Pirate Party to stop the German government from storing his IP address, arguing that the collection of data would allow German authorities to collect information about his interests.

Dive Insight:

Website owners can use stored IP addresses to blacklist IP addresses association with a distributed denial of service (DDoS) attack against a website.  DDoS attacks are a growing threat to the enterprise. A report released last month from information services and analytics firm Neustar found that more than half of DDoS attacks result in additional compromises on a network. In September, French hosting firm OVH was hit with two concurrent DDoS attacks attributed to botnets made up of compromised IoT devices.

The EU has been cracking down on privacy issues, and released its new Privacy Shield law earlier this year, so this ruling came as a surprise in some corners. But Germany has appeared to be less concerned about individual user privacy. In August, Germany and France jointly proposed a new law that would compel technology companies to decrypt data for law enforcement investigators. Several European groups immediately denounced the proposal, arguing there is no secure way to provide “backdoor” access to encrypted data. A similar battle has been taking place in the U.S.