Are IP Addresses Personal Information?
October 14th, 2008
This is some what of a ramble today based upon an Outlaw News article that was posted today: http://www.out-law.com//default.aspx?page=9505
A German court has ruled that website operators are allowed to store the internet protocol (IP) addresses of their visitors without violating data protection legislation. Without additional information, IP addresses do not count as personal data, it said.
This is interested because server logs almost always contain IP addresses. Would they be violating data protection legislation if they had a record of the hosts who accessed the web server? That would be ridiculous. I have mixed feelings about this, most of me personally do not see the problem with this, if a website wants to track when an IP address visits their site, and then correlate that data to user accounts then why is it a problem? Is it a problem if they geocode the IP address and store data related to accounts or geographic areas or demographics? Does that violate personal data since it is not targeted to a specific user?
While the document says that: “In practice, it is difficult to use IP addresses to build up personalised profiles,” said the guidance. “Many IP addresses, particularly those allocated to individuals, are ‘dynamic’. This means that each time a user connects to their internet service provider (ISP), they are given an IP address, and this will be different each time.”
I beg to differ. In practice I do not think it is particularly difficult to scan through server logs and/or customized event logs to get information on clients. Take a look at ARIN.NET whois page: http://ws.arin.net/whois/
then take a look at: http://www.maxmind.com/app/locate_ip
Does storing the IP address sound like private data now, or just the reports that can be automatically generated from this information. Any opinions thoughts or responses are always welcomed.
Entry Filed under: Server Security
Trackback this post