The use of the specialised ICACCOPS software system by the police, which enables the identification of internet users’ IP addresses involved in the distribution of known child pornography files, has been ruled lawful by the Supreme Court.
The general and non-discriminatory retention of IP addresses by internet service providers, whether dynamic or static, was also deemed lawful, as the Supreme Court ruled that an IP address on its own does not constitute a user’s personal data. Instead, it belongs to the internet service provider, and police access to such data, following a court order, is considered legal.
A different approach, the court stated, “would entail a real risk of systemic impunity not only for offences infringing intellectual property rights or related rights but also for other types of criminal offences committed via the Internet or whose commission or preparation is facilitated by the particular characteristics of the Internet.”
This reasoning summarises the Supreme Court’s 30 July 2025 decision, which dismissed a suspect’s request—related to offences of acquiring and distributing child pornography images and videos via the Internet—to annul a court order obtained by police during the criminal investigation for access to a specific IP address identified through the ICACCOPS software.
According to the facts of the case, an internet user between September 2022 and January 2025 possessed and made available child pornography files for sharing. Further investigation linked the IP address to a specific Cypriot internet service provider, and through a court order revealing the details, police successfully identified the user.
The suspect, through his lawyers, requested the cancellation of the access order, claiming, among other things, that the order was based on unlawfully obtained evidence and that the retention of the IP address by the electronic communications and internet service provider was illegal.
The Attorney General of the Republic argued that IP addresses are not the user’s personal data but belong to the internet service provider and only become personal data once disclosed by them. It was also argued that the general and indiscriminate retention of IP addresses of all subscribers by service providers in no way contravenes the Constitution or EU law. The Attorney General further maintained that the operation of ICACCOPS is legal and does not violate any individual’s personal data or right to private communication.
The Supreme Court rejected the suspect’s request and upheld the order for access to telecommunications data.
The case was handled on behalf of the Attorney General of the Republic by Mr Andreas P. Aristides, Senior State Advocate, and Ms Nadia Koliarou, State Advocate.
Source: Law Office Cyprus
Featured photo source: Zero Abuse Project
Also Read: President Christodoulides reviews fire recovery progress in Limassol
For more videos and updates, check out our YouTube channel.
