IP addresses in server logs not personal data: Ruling A German court has ruled that website operators are allowed to store the internet protocol (IP) addresses of their visitors without violating data protection legislation. Without additional information, IP addresses do not count as personal data, it said. The issue has never been tested in a UK court but the view of the German …
Oh, so my static IP address that is locked onto my account and subsequently my landline's adsl isn't capable of identifying me personally or my shopping/browsing habits... I was worried for a minute...
Paris because her homemovie making bears a striking resemblance to my browsing habits. (I will download and take a look, or cheggit out .. wonder if anyone will 'get' that ;))
... with the ruling but a few points to make.
1 - like BT and the Phorm debacle an ISP can pretty much, without legal backing, use this type of data for other uses.
2 - what and internal marketing that the ISP may do i.e. profile their customers
3 - Dyanmic IPs, in my experience, dont necessarily change each time you connect, especially with the advent of home broadband where the router at the punters location connects to the ISP and keeps the connection live for days/weeks/months. (Mine is slightly different cos I turn mine off when I am not using it to make sure that no-one can jump onto my WiFi, WEP/WAP/Whatever I dont trust it - paranoid? Yes....) So what to do with thes "semi-static" IP's?
4 - Illegal gaining of this information is highly possible. Without adequate precautions by the ISP, anyone into a bit of industrial esponage or just wanting to make a quick buck could put a LOT of info on a usb key (or similar)
Apart from that, I agree with the ruling and see it as, generally, fair. If the ISP wants to track things like "dont massively download on your 'unlimited' package" or "dont download illegal stuff" then that is up to them as long as its defined nicely in their T&C's and the punter can choose to be bound by those rules or not - as should be the notification that this info IS stored and WILL NOT be used for anything else blah blah blah. Dont try and hide it, that will just rile people. If you make it clear people can make the choice if they want to live with it or not, you may be suprised!
Meh.... whatever!
Aliens cos like big brother... they are watching us!
It seems our German courts are beginning to see sense in the privacy field.
This is superb news.
I have always wondered how nutters see an IP address as 'personal'. Obviously with other information it can contribute to assisting in identification, but so can your urine in the public toilet - yet you pissed that away without concern for your privacy!
We all know it (your piss) could be used to identify you if somebody put their mind to it and had sufficient background information, time, and money.
If a website sets a cookie when I visit and records my IP address each time I visit, the owners of that website can easily track changes in my dynamic IP address over time - so they can link together all my visits to their site (assuming I use the same computer, user account on that computer and the same browser and also assuming I haven't disabled cookies).
Hence owners of well used websites (e.g. search engines, webmail sites, news sites, blog sites etc) can build up a history of my dynamic IP addresses over time. And let's face it, your dynamic IP address can only change after disconnect/reconnect, and most ISPs use DNS leases that mean you get the same IP address on reconnect anyway - but possibly forcing a change periodically so you have to pay extra for a static IP if you want to run services from your home connection.
So we have lots of different organisations who potentially have a complete (or mostly complete) picture of my dynamic addresses, and who are allowed to share this information - neatly making it more accurate as they increase the information known about you as they share it with each other.
This means the difference between static and dynamic IPs is very small in terms of privacy, and hence there really should be no legal difference ascribed to the protection afforded for either.
IP address alone maybe not. I don't see a problem with a typical web server log as long as they don't plan to keep it beyond the time it's useful to manage the web server.
But add a cookie and you have more info, log on to an account and they have more, buy something and they know who you are.
Do you really think that Google will not be tempted to take your IP address and link it with your cookie + gmail logon + google checkout + all your search data?
and that is a fact, get over it
if someone track your car plate number they will know which shop you visited, but they will not know what you actually bought. They will know that you went to the liberally but they will have no idea what you searched for. Only the people in the place you visited will know what you did, people outside will have no idea. The same apply to your IP address.
P.S. your account with the shop you visited (or credit card number) is the equivalent to your cookie. It doesn't matter what car/transportation you use, as long as you use the same credit card number, you are in books. But unlike your cookie you can't just delete then replace your credit cards. (are you still with me?)
Neither are the letters of your name of the letters and numbers in your home address. The problem is that the sum total of the data stored is entirely personally identifying.
Next time someone should take a case that the IP address and timestamp together are personal data.
Much like a drop of blood, really: it's possible for relevant authorities to track down the owner of a drop of blood by DNA fingerprinting, but if I see a drop of blood on the pavement outside, it could be anybody's. An e-mail address, like a telephone number, can actually be used to contact you without additional information - an IP address, like a car registration number, cannot.
The clown who brought this case whining about a website logging visitors' IP addresses - like virtually every web server on earth has done since HTTP was invented - really needs a beating with the cluestick. If he really wants to keep his IP address secret, he should switch to using an address in the 127.0.0.0/8 range and leave those of us in the real world to communicate sensibly.
I'd like to see a functional network stack that didn't remember the IP address it was supposed to reply to. Clearly the server has to retain the IP address somewhere for some period of time. Retaining it for longer makes sense if it helps the server operators with things like intrusion tracking, or if it helps law enforcement (suitably warranted) track other misdeeds. As long as the information is not phormed off into a larger dataset, it is no more a breach of your privacy than me remembering that I saw you in the street the other day.
That's pretty much what the judge said. IP addresses alone do not identify you without some subsequent investigative work. As long as *that* is restricted by some legal framework, there's no problem here. Perhaps Phorm and similar mischief has left us over-sensitive on this point.
I have a written ruling from the Information Commissioner that an email address is NOT personal data (unless the part before the domain name is your exact name e.g. j.alfred.prufrock@googlemail.com).
So MOST email addresses do not count as personal data and can be harvested and abused at will.
Counter-intuitive? Welcome to the new scholasticism of the ICO! ("How many angels can dance on the head of a pin"). They're confused; We're confused; The bad guys run rings around them.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
