EU Official: IP Addresses are Personal Information

IP addresses, string of numbers that identify computers on the Internet, should generally be regarded as personal information, the head of the European Union's group of data privacy regulators said Monday. Germany's data protection commissioner, Peter Scharr, leads the EU group preparing a report on how well the privacy policies of Internet search engines operated by Google Inc., Yahoo Inc., Microsoft Corp. and others comply with EU privacy law. He told a European Parliament hearing on online data protection that when someone is identified by an IP, or Internet protocol, address "then it has to be regarded as personal data." His view differs from that of Google, which insists an IP address merely identifies the location of a computer, not who the individual user is - something strictly true but which does not recognize that many people regularly use the same computer terminal and IP address.

Scharr acknowledged that IP addresses for a computer may not always be personal or linked to an individual. For example, some computers in Internet cafes or offices are used by several people. But these exceptions have not stopped the emergence of a host of "whois" Internet sites that apply the general rule that typing in an IP address will generate a name for the person or company linked to it. Treating IP addresses as personal information would have implications for how search engines record data. Google led the pack by being the first last year to cut the time it stored search information to 18 months. It also reduced the time limit on the cookies that collect information on how people use the Internet from a default of 30 years to an automatic expiration in two years. But a privacy advocate at the nonprofit Electronic Privacy Information Center, or EPIC, said it was "absurd" for Google to claim that stripping out the last two figures from the stored IP address made the address impossible to identify by making it one of 256 possible configurations.

View: Full Story @ Associated Press

Report a problem with article
Previous Story

DX10 effects with DX9 for patched Crysis 1.1 - Crysis AddOn

Next Story

Researchers sharpen X-ray vision

22 Comments

Commenting is disabled on this article.

I don't think that an IP should identify a certain person. It's the question of privacy. I don't want anyone else to know what I read in the morning and which news portal I prefer over another, not considering from whom I get mails and so on.

Hmmm... yes. And people with whom you communicate (in this case, by mail), whether friends or companies that you have businesses with (utilities, magazine subscriptions, etc) need to have your address. And, in fact it is public and shared.

(markjensen said @ #6.1)
Hmmm... yes. And people with whom you communicate (in this case, by mail), whether friends or companies that you have businesses with (utilities, magazine subscriptions, etc) need to have your address. And, in fact it is public and shared.

But your home address is still regarded as personal information, rightly so in my opinion. You wouldn't post your home address on a social networking site because it is not public and shared, it's personal.

it's not personal info

most people are designated a random IP address from their provider

it requires the ISP to actually look up who was using it at the time. the logs of IP addresses on ISP servers should be personal info since that's the only thing that actually links the random number to you. but it can't be since it's the ISP's logs and the ISP's servers

And there are millions of people with fixed IP addresses - such as myself, thus my IP is directly my personal information - hence I would be more than interested to enforce some level of data protection on it.

(daPhoenix said @ #5.1)
And there are millions of people with fixed IP addresses - such as myself, thus my IP is directly my personal information - hence I would be more than interested to enforce some level of data protection on it.

+1 Agreed

(TCLN Ryster said @ #5.2)

+1 Agreed

But there are methods available to you which allow you to protect your own personal data. What can these organizations do to make you safer when your personal information is available to anyone online? You need to get a rotating IP if you're concerned about your privacy that much.

(TCLN Ryster said @ #5.2)

But there are methods available to you which allow you to protect your own personal data. What can these organizations do to make you safer when your personal information is available to anyone online? You need to get a rotating IP if you're concerned about your privacy that much.

We shouldn't have to work around companies not prepared to protect our personal information. When we provide companies with personal information, it's their responsibility to keep that data protected.

Yes yes, EU is evil and their intent is to destroy the American capitalism.

Now, if you actually knew what you were talking about you'd know how much the US gov't has done in the past 20 years to protect your "home market" - preventing foreign businesses from introducing products by delaying them until your local provider has been able to duplicate the technology or product, enforcing taxation or simply barring the product - once again until miracously it gets approved once a US bsaed company releases it.

"Take a look around" - perhaps you'd see how much your own little system has done to "stick it to non-US businesses".

wow... an IP address is someones personal information? I can see how it could be considered that, but it's your link to the internet. without IP traces, we would have a dramatic increase in pedophiles and dos attacks

What?

Paedophilia is a crime as well as DDOS attacking, and the police has the rights to unveil the personal information of criminals. Actually, that's much of their job. This will not apply to criminal activities

So people who are interested in protecting your rights and your privacy should have no say in the future of Britain?

Here, let me hold the gun while you point it at your feet.

(Ste said @ #1)
omg that people is why we shouldnt let the EU (the future of britan) to have a say on the internet!

ste


Love comments like this. It's really, really ignorant and usually come from people who no matter what happens will say there's a problem with the EU. They're looking to protect people's personally identifiable information. And as for 'britan' being any better, what about all the recent leaks of personal information here in the UK? Information being found on roundabouts, millions of peoples child benefit information being lost. Yeah, Britain's at the forefront of personal privacy

(beardedwonder said @ #1.4)
Love comments like this. It's really, really ignorant and usually come from people who no matter what happens will say there's a problem with the EU. They're looking to protect people's personally identifiable information. And as for 'britan' being any better, what about all the recent leaks of personal information here in the UK? Information being found on roundabouts, millions of peoples child benefit information being lost. Yeah, Britain's at the forefront of personal privacy :rolleyes:

It's really a double edged sword though. Your computer is transmitting its IP to any site you connect to, currently that means someone on your connection is accessing it, but with this law it means YOU connected to it. If someone hacks your router, if you split your connection and one of the users uploads child pornography, releases his latest movie cam or sends a bomb threat from it you're going to have one hell of a time proving that it wasn't you. It's like if someone that looks similar to you takes your license, hits someone's car and gives them your information from the ID, you're going to need a damn good alibi.

If you want to protect an identity online then you need to obfuscate it behind proxies, shared IPs and encryption, not making it more identifiable.

britan?

If you don't agree with the EU, then I dare you to post your home address here.
Following Google's logic it is not personal information, only "merely identifies your location, not who the individual user is."