EU Says IP Addresses Are Personal Data
The European Union's data privacy regulator group said this week that an IP address "has to be regarded as personal data" when it's used to identify a person. Although this has no bearing on how IP addresses are used in the United States, it might trigger a change in data collection policies for companies like Google that use IP addresses in order to serve relevant search results and ads.
Google and Microsoft track users differently—Google is the bigger culprit when it comes to storing IP addresses that could potentially identify a person, while Microsoft relies on its Passport network to track users.
Google has taken steps over the past year to reduce the length of time it stores data—the Washington Post says search info is now deleted after 18 months, and Google's tracking cookies now expire after two years instead of 30. It's still facing criticism, though, from privacy types:
A privacy advocate at the nonprofit Electronic Privacy Information Center said it was "absurd" for Google to claim that stripping out the last two figures from the stored IP address made the address impossible to identify by making it one of 256 possible configurations.Regardless of how the search engine companies collect or store data, the EU wants them to make their privacy policies clearer and easy for the layperson to understand:"It's one of the things that make computer people giggle," the center's executive director, Marc Rotenberg, said. "The more the companies know about you, the more commercial value is obtained."
Neither of the search engines received a pat on the back from Spain's data protection regulator, Artemi Rallo Lombarte, who criticized them for not trying to make their privacy policies accessible to normal people.Their privacy policies "could very well be considered virtual or fictional . . . because search engines do not sufficiently emphasize their own privacy policies on their home pages, nor are they accessible to users," he said, describing the policies as "complex and unintelligible to users."
"IP Addresses Are Personal Data, E.U. Regulator Says" [Washington Post]
(Photo: Getty)
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam malesuada commodo erat et molestie. Duis pellentesque aliquam bibendum. Suspendisse venenatis lobortis eleifend. Mauris id est sed lectus convallis aliquam.
Post a comment
Comments:
"absurd for Google to claim that stripping out the last two figures from the stored IP address made the address impossible to identify by making it one of 256 possible configurations"
Of course it's absurd the last number can only be out of 254 "configurations".
And that only is true if by "last two figures" they mean the last number. If they mean the last two numbers that bumps the possible "configuration" count up to 64,770.
Actually, I think it's even slightly less then 256. In a class C IP block, all addresses share the first 3 octets, mike only the last octet unique. I am assuming that they are stripping away the last 2 DIGITS for example 192.168.100.1XX.
Some of these addresses however are invlaid such as .0 and multicast making the total combination 254. A piddling distinction I know but if this is correct it is very likely that eventually you will be able to be identified. That is if you had a static IP address for a long period of time.
god, this makes me wish that in the u.s., 1) we had intellectuals working in gov't & 2) we actually listened to their recommendations.
@mac-phisto: We do, they're trying to figure out how to start a war with iran when iran has done pretty much nothing wrong and for a long time was our biggest supporter in that region of the world sans isreal.
Obviously though the utility of using an IP address an identifier has to do with the strength it can be associated with one person and their personal habits.
Somehow I just think it may be better to make it anonymous or random and remove the correlation between specific IP addresses and people.
Google's privacy "efforts" are crap. They have no need to tie IP to personal data after 5 seconds let alone 18 months.
If the EU wants to consider IP addresses information that people shouldn't store and analyze, then they should provide a free proxy for anyone who wants to "opt out" of IP address information storing.
@Adam Rock: or they could just fine the hell out of anyone that doesn't comply with their rules. i like that idea better.
Down with the Google-opoly!!!!!!!!
There's no good reason on earth for a company to store 30 year tracking cookies! Even two years is bad unless the user fully gives consent ... and gets a cut of the action.