On September 23, 2008, the Dutch Data Protection Authority (DPA) published an infringement decision regarding the web site “Geencommentaar.nl” (“No Comment”), a news web-blog. The web site was accused of secretly registering the IP addresses of visitors in order to create a list of undesirable users. The list was then made available to interested third parties in the form of a “black list”. The black list allowed web site owners to detect and subsequently deter certain users from taking part in discussion fora or in other forms of interactive communications. The DPA concluded that this practice was in breach of data protection law. In particular, the DPA concluded that: (1) IP addresses are regarded as personal data; (2) the Dutch web site had processed the IP addresses without a legitimate legal basis; and (3) it had violated its obligation to notify the user of the data collection. However, since the web site ultimately removed the application and destroyed the database, the DPA waived further disciplinary actions. Additional information is available (in Dutch) here.