EU: IPs Are Personal
IP addresses should generally be regarded as personal information, the head of the European Union's group of data privacy regulators said Monday.
Germany's data protection commissioner, Peter Scharr, leads the EU group preparing a report on how well the privacy policies of Internet search engines operated by Google, Yahoo, Microsoft and others comply with EU privacy law.
He told a European Parliament hearing on online data protection that when someone is identified by an IP, or Internet protocol, address "then it has to be regarded as personal data."
His view differs from that of Google, which insists an IP address merely identifies the location of a computer, not who the individual user is ? something strictly true but which does not recognize that many people regularly use the same computer terminal and IP address.
Scharr acknowledged that IP addresses for a computer may not always be personal or linked to an individual. For example, some computers in Internet cafes or offices are used by several people.
But these exceptions have not stopped the emergence of a host of "whois" Internet sites that apply the general rule that typing in an IP address will generate a name for the person or company linked to it.
Treating IP addresses as personal information would have implications for how search engines record data.
Google led the pack by being the first last year to cut the time it stored search information to 18 months. It also reduced the time limit on the cookies that collect information on how people use the Internet from a default of 30 years to an automatic expiration in two years.
Google collects IP addresses to give customers a more accurate service because it knows what part of the world a search result comes from and what language they use ? and that was not enough to identify an individual user, according to the company.
Google says it needs to store search queries and gather information on online activity to improve its search results and to provide advertisers with correct billing information that shows that genuine users are clicking on online ads.
Internet 'click fraud' can be tracked down by showing that the same IP address is jumping repeatedly to the same ad.
Microsoft does not record the IP address that identifies an individual computer when it logs search terms. Its Internet strategy relies on users logging into the Passport network that is linked to its popular Hotmail and Messenger services.
He told a European Parliament hearing on online data protection that when someone is identified by an IP, or Internet protocol, address "then it has to be regarded as personal data."
His view differs from that of Google, which insists an IP address merely identifies the location of a computer, not who the individual user is ? something strictly true but which does not recognize that many people regularly use the same computer terminal and IP address.
Scharr acknowledged that IP addresses for a computer may not always be personal or linked to an individual. For example, some computers in Internet cafes or offices are used by several people.
But these exceptions have not stopped the emergence of a host of "whois" Internet sites that apply the general rule that typing in an IP address will generate a name for the person or company linked to it.
Treating IP addresses as personal information would have implications for how search engines record data.
Google led the pack by being the first last year to cut the time it stored search information to 18 months. It also reduced the time limit on the cookies that collect information on how people use the Internet from a default of 30 years to an automatic expiration in two years.
Google collects IP addresses to give customers a more accurate service because it knows what part of the world a search result comes from and what language they use ? and that was not enough to identify an individual user, according to the company.
Google says it needs to store search queries and gather information on online activity to improve its search results and to provide advertisers with correct billing information that shows that genuine users are clicking on online ads.
Internet 'click fraud' can be tracked down by showing that the same IP address is jumping repeatedly to the same ad.
Microsoft does not record the IP address that identifies an individual computer when it logs search terms. Its Internet strategy relies on users logging into the Passport network that is linked to its popular Hotmail and Messenger services.