Skip to main content

Constitutional Court: No IP address to be Revealed Without a Court Order


The Constitutional Court of the Republic of Slovenia annulled the criminal conviction for an online defamation, which was based on the IP address of the perpetrator acquired from the website operator, without a court order. The Supreme Court’s view that the violation of an individual’s right to communication privacy was less severe as it was not committed by the state, was rejected as flawed.

An individual (complainant) was found guilty by a District Court of defaming the mayor of a small municipality by posting a comment under an article on an open-access website, using a pseudonym instead of her real name. She was ordered to pay a fine of EUR 1,066.40. The verdict was upheld by the High Court and the Supreme Court.

The complainant argued that her IP address had been acquired from the website operator based on the (allegedly defamed) mayor’s attorney’s request, which in her view, amounted to a violation of her constitutional right to communication privacy. Namely, Article 37 of the Constitution of the Republic of Slovenia provides that any intrusion of one’s (communication) privacy should be based on a court order. Only after the IP address had been acquired from the website operator, did the court – however in a parallel tort (civil) case – order the Internet service provider to reveal the person behind the IP address, thus connecting the complainant to the allegedly defamatory comment on the website.

The regular courts came up with several arguments to defend the position that there had been no violation of complainant’s privacy rights:

  • The IP address is not a piece of information that could identify a website user, and is therefore not considered personal data.
  • There could be no reasonable expectation of privacy as the complainant published the comment on an open-access website, thereby waiving her right to privacy; in effect, also her IP address no longer enjoyed the constitutional protection.
  • even though there was no direct legal ground for the website operator to reveal the IP address to the mayor’s attorney, it was a private company and not the state who violated the law. In light of this fact, the complainant’s right to privacy should, in concreto, give way to mayor’s right to his personal integrity.

The Constitutional Court unanimously rejected such views. The judges stressed that – contrary to a previous case in which the Court held that by using the E-mule peer-to-peer application to disseminate (illegal) content, whereby the IP addresses of the participants were visible to anyone, the perpetrator had no reasonable expectation of privacy regarding his IP address – in the present case the complainant had every reason to expect the privacy (of her IP address) despite the fact that her comment was made on a public and open-access website. Namely, she used a pseudonym instead of her real name. Moreover, on the website, neither her IP address nor any other designation enabling at least indirect identification were published, or visible to her when posting the comment.

The Court also stated that the anonymity of Internet communications, despite its obvious potential for committing criminal acts, enables personal development, freedom of speech and of expression, and in effect the development of a free and democratic society, as recognised also in the jurisprudence of the European Court of Human Rights.

For the said reasons, the Constitutional Court annulled all the regular courts’ decisions and ordered a retrial.


Article provided by INPLP member: Matija Jamnik (JK Group, Slovenia)



Discover more about INPLP, the INPLP-Members and the GDPR-FINE database

Dr. Tobias Höllwarth (Managing Director INPLP)

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.


About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.