EU regulators say IP addresses are privacy concern

A news article says,

(AP) IP addresses, string of numbers that identify computers on the Internet, should generally be regarded as personal information, the head of the European Union's group of data privacy regulators said Monday.

Germany's data protection commissioner, Peter Scharr, leads the EU group preparing a report on how well the privacy policies of Internet search engines operated by Google Inc., Yahoo Inc., Microsoft Corp. and others comply with EU privacy law.
.
He told a European Parliament hearing on online data protection that when someone is identified by an IP, or Internet protocol, address "then it has to be regarded as personal data."

His view differs from that of Google, which insists an IP address merely identifies the location of a computer, not who the individual user is - something strictly true but which does not recognize that many people regularly use the same computer terminal and IP address.

Scharr acknowledged that IP addresses for a computer may not always be personal or linked to an individual. For example, some computers in Internet cafes or offices are used by several people.

But these exceptions have not stopped the emergence of a host of "whois" Internet sites that apply the general rule that typing in an IP address will generate a name for the person or company linked to it.

Treating IP addresses as personal information would have implications for how search engines record data.

Actually, often a specific IP address cannot even be linked to a specific Internet-access computer, let alone an individual. For example, some Internet service providers (ISP's) use proxy servers to link many individual users to the Internet, and the proxy server may have a fixed IP address or one that changes only occasionally. Also, some Internet-access computers use dynamic IP addressing to directly connect to the Internet -- i.e., the IP address directly connecting to the Internet changes each time the computer connects to the Internet (though the IP address falls within a limited range).

Using IP addresses to block access is a widespread nefarious practice -- Wickedpedia, for example, does it. IP address blocking is often ineffective and can block large numbers of people other than the intended target.

The article says,

Google led the pack by being the first last year to cut the time it stored search information to 18 months. It also reduced the time limit on the cookies that collect information on how people use the Internet from a default of 30 years to an automatic expiration in two years.

Actually, Internet users can block or restrict the placement of cookies, block or restrict access to cookies, and erase cookies.

But a privacy advocate at the nonprofit Electronic Privacy Information Center, or EPIC, said it was "absurd" for Google to claim that stripping out the last two figures from the stored IP address made the address impossible to identify by making it one of 256 possible configurations.

Actually, stripping out only the last two figures narrows it down even further than that -- there are only 100 possibilities if the third figure is a 0 or a 1 and only 56 possibilities if the third figure is a 2.

Hopefully the new IP address format, Version 6, will be implemented in a way that will help prevent IP address blocking and other abuses of IP addresses.

Related articles are here, here, here, and here.
.