A German court has ruled that an IP address is not afforded the same privacy protections that Internet users enjoy for their names and other personally identifying information, even though a user may have a static IP address which is directly linked to the user alone.
In the ruling that was handed down last week, the district court of Munich held that without additional contextual information, an IP address alone does not count as “personal data.” Personal data is zealously protected throughout most of the European Union – much more so than it is in the United States.
And while the same issue has not yet come before a UK court, the UK’s office of the Information Commissioner has published guidelines which come to a similar conclusion, stating that “In practice, it is difficult to use IP addresses to build up personalised profiles…. Many IP addresses, particularly those allocated to individuals, are ‘dynamic’. This means that each time a user connects to their internet service provider (ISP), they are given an IP address, and this will be different each time…. So if it is only the ISP who can link the IP address to an individual it is difficult to see how the Act can cover collecting dynamic IP addresses without any other identifying or distinguishing information.”
The UK guidelines go on to acknowledge that “Some IP addresses are ‘static’, and these are different. Like some cookies, they can be linked to a particular computer which may then be linked to an individual user. Where a link is established and profiles are created based on static IP addresses, the addresses and the profiles would be personal information and covered by the Act. However, it is not easy to distinguish between dynamic and static IP addresses, so there is limited scope for using them for personalised profiling.”
|Get notified of new Internet Patrol articles for free!
Privacy advocates, however, including a committee of European privacy watchdogs known as “the Article 29 Working Party,” urge that IP addresses should be treated as personal data, both by ISPs and by search engines. The Article 29 Working Party argues that “Unless the Internet Service Provider is in a position to distinguish with absolute certainty that the data correspond to users that cannot be identified, it will have to treat all IP information as personal data, to be on the safe side.”
No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!
|Get notified of new Internet Patrol articles!