Slashdot Mirror
E.U. Regulator Says IP Addresses Are Personal Data
NewsCloud writes "Germany's data-protection commissioner, Peter Scharr told a European Parliament hearing on online data protection that when someone is identified by an IP, or Internet protocol, address, 'then it has to be regarded as personal data.' Scharr acknowledged that IP addresses for a computer may not always be personal or linked to an individual. If the E.U. rules that IP addresses are personal, then it could regulate the way search engines record this data. According to the article, Google does an incomplete job of anonymizing this data while Microsoft does not record IP addresses for anonymous search."
Because that's today's car analogy for an IP address.
Now bow to your Redmond overlord, miscreants!
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
First of all, where is your proof that microsoft does not keep logs of IP addresses. And which microsoft site? msn.com? live.com?
if the flood of greed to tracking ($$'s) everyone's move can still be held back:
In email source:
HTML comment tag open [WEBTRENDS-Tracking] HTML comment tag close
img alt="DCSIMG" id="DCSIMG" width="1" height="1" src="http://statse.webtrendslive.com/dcskvlalu100004rfxyw......
Never really looked at it this way. I think it's become ingrained in us that IP's are a way of tracking instead of a way of communicating. Being able to track them is just a side issue. If we look at an IP as a means of communication then does that not make it private in some way? I don't know exactly how I feel about this but I'd certainly like to have more rights rather than less of them.
Does that mean that if passed, then the RIAA can't use my personal data 'IP' to sue me? TFA was a little short on details of the reprecushions of this.
The only way to check and see if your IP is being kept is by changing the protocol entirely or by checking the company's servers. I'm guessing that not too many companies would appreciate people routinely rooting around, and if something to check if an IP is stored were to be implemented, the protocol would have to be vastly overhauled and it could slow down the internet 80% or more because of the extra time needed to "check."
The bottom line is this is much like the ruling in the US that companies had to keep a record of working memory (which is entirely impossible,) This seems to be more legislators talking about something they know very little about.
Don't get me wrong, I do appreciate the fact that it would make it harder for the ad industry to hunt you down which is always appreciated, I just don't think any reasonable implementation will work.
Well, back to rejecting software patent applications.
I am truly disappointed in this. If IP addresses are a means of communications, wouldn't that be similar to phone numbers?
It shouldn't be any more personal than a phone number is. Whenever someone calls me, I like to log them on my caller ID. I don't see a difference here.
I can't believe what I'm seeing. Is this actually a semi-responsible technology-related decision made by a legislative body?
I'm not saying I necessarily agree with the complete "scrubbing" of Google et al.'s records, as it were, but the classification of an IP address as personally-identifiable information is definitely a positive step towards Internet freedom, and a reasonable expectation of some degree of privacy. At the very least, it gives you a leg to stand on when you find out that some company has been selling your browsing habits to an advertiser.
"...while Microsoft does not record IP addresses for anonymous search."
Well, they will now.
This idea would kind of guarantee that cookies have no competition.
Sucks if you are an ISP. You buy a block of IP's but you can't use them...they are someone elses personal info? /. assigned me a user ID number....I believe that number properly belongs to slashdot. gandhi_2 though...I stole that from Wierd Al.
THL phish sticks
Unless Microsoft is just lying. How can they be trusted, with their track record?
--
make install -not war
How is an IP address more "personal" than my GPS location at any given point in time? Sure an IP address can be "mine" if I have my own domain etc. This is not usually the case though. Most IP addresses are "owned" by the ISP and assigned to people via DHCP (except for static ones). This is not too much unlike a restaurant reserving tables for a customer, and sometimes reserving a table for a customer for a long time. It doesn't make the table being reserved the customers the customers personal property; the restaurant still owns it--it is no more personal than, well, any other table in an anonymous bar (for example). I can't see how IP addresses can be "personal".
Yep. Just wouldn't be a news cycle without some death porn.
Kind of a shortage of nubile women dying macabre deaths at the moment, but the posthumous role as The Joker puts an off-beat spin on things.
So much schadenfreude, so little time.
Unfortunately (because he's a smart person with the right ideas) the guy has no power beyond telling everyone what he thinks data privacy should be and how sorry the actual state of affairs is. This may eventually lead to more stringent regulations, but note that in Germany, it is already a violation of privacy laws to record personal information, including IP addresses, in logfiles without telling the visitor about it. Apparently the justice department hasn't heard of the law, because their web server does precisely that. And so does everybody else's server and nobody cares.
You know, the keen insight and argumentation on display in this audio clip of a Paulestinian really tempts me.
To vote for him, or disembowel myself with an ice pick, I'm unsure which...
I realize it sounds silly at first glance, but I'd agree with the general idea. While an IP isn't private per se, you don't run around IRC and chat channels shouting your IP at random people. Your IP is between you and whatever sites you choose to visit. In addition to that, you generally don't want your named linked to an IP. Even if an untrustworthy website, they have your IP but not your name with it. Once you have a name and an IP, someone with an axe to grind can start trying in earnest to break the door down, or DDoSing your personal website, if you have one.
If IP addresses are personal data, who owns 127.0.0.1?
Based on this conclusion, an IP == IP (Intellectual Property), then?
Those annoying ads, about "Your computer is broadcasting your IP address"... were right all the time?
If IP addresses are personal data, and you visit my web page, and my access logs show I served an IP that you used at a certain time (or even just that I served an IP you used), am I now subject to laws regarding the holding of personal information? If you were to contact me and request that information how would I authenticate you? If I was to disclose certain parts of the "personal data" that you claimed belonged to you, how could I know that I was not disclosing someone else's personal information, given that I can't necessarily authenticate you or anyone else and IP's can be re-allocated? If I ban an IP address for abusing my server and it is later re-allocated to someone else, is that slander? If I forward an e-mail whose headers contain IP addresses of relay servers, is that unlawful disclosure of personal information?
This is totally ridiculous.
On the other hand I think who the IP address is assigned to below the provider is private information. In other words ISPs whould not be divulgin who they assigned an IP address to becuase this could allow individual specific information to be collected.
"an infinite player that has lost his finite mind" ~Infinite Play the Movie (it blends with reality)
But what about all the other ways that IP addresses are used and stored?
While everybody can check a directory such directories don't exist for IP numbers. Respectively the information needs to be obtained from the ISP.
I never heard of the requirement of a court order before checking a phone directory.
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
... and that's why the German government collects them, just like all other personal data.
Germany's positions on issues of privacy are rather two-faced, having one of the most intrusive surveillance states in the world, while at the same time proclaiming itself to defend personal freedoms.
In Germany's current privacy and data protection laws, everybody has the right to decide what happens to their own personal information if it is being processed by computers.
Well, that is, except for all the ways in which the German government uses that information to track you and spy on you. German privacy attitudes are schizophrenic: they live in a country with a history of governments perpetrating genocidal mass murder based, in large part, on personal information and connections between citizens. You were a Jew? You died. You had contact with communists? You died. The East Germans even continued that proud tradition of neighbors spying on neighbors and kids spying on parents throughout the 20th century.
Yet, all Germans seem concerned about is whether big, evil US corporations can get their data, while everything they do and say can be traced back to them: phones need to be registered, web sites need to provide full information, there is effectively no anonymous free speech, televisions need to be registered, the German government can get all your connection information, and you even register your religion with the German government.
German politicians talking about "privacy" is ridiculous. The "Bundesdatenschutzbeauftragter" is a smokescreen for one of the most intrusive surveillance societies in the world. Germans should worry about their own government before trying to tell other nations about data protection.
His name is Peter Schaar, not Scharr. One would think the editors would at least *skim* TFA.
Oh, and he's a great guy BTW, responding to email in a timely and thoughtful manner, and investigating the questions he's being asked.
Who is General Failure and why is he reading my hard disk?
Do you mean her?
Somebody may have a compromised system which will be use to perform toxic actions without its consent.
:)
You cannot link "for sure" an IP with somebody actions.
Beware! Here is an analogy to hint people on my way of thinking (never argue on analogies since contexts are always different) : A lent its car to B with generosity, B smashes C with A's car, B is responsible for hurting C, not A.
Or A opens its wifi network to anybody by generosity, B uses A wifi network to hack C's system. Well... C should have have GNU/Linux.
Wikipedia records IP addresses for all anonymous editors. I wonder how this will affect the project?
XML is like violence. If it doesn't solve the problem, use more.
Won't a byproduct of IPv6 be that everything will have a unique IP address and so become even more of a unique identifier.
And because there will be so many addresses I'm guessing that they won't get recycled very much at all.
Wow, even for /. there's a lot of people who didn't even read the summary, let alone TFA. And there's a lot of FUD being spread.
What this means is that IP address information might be considered personal data under EU data protection laws. This means that companies/corporations/organisations which log your IP address will have to have a privacy policy in place governing how that information is used.
There are also certain requirements, such as they have to make people's own information available to them if requested, they have to disclose breaches of information to those affected and so on.
It doesn't stop logging IP addresses, it won't stop webservers using client IPs to maintain statefull connections, it won't stop google associating IP addresses with search data, it won't stop wikipedia or forums storing the IP of posters. It just means that organisations doing this need need a privacy policy in place to protect this data (which most of them already have to protect other private data they store).
It's just acknowledging that IP addresses can/may be used, in some cases (the summary points out that they already acknowledge IP addresses are often dynamic), to identify a person and deserves the same level of protection that things like phone numbers and home addresses already have.
Helpdesk: "Hello, this is the Yahoo Germany Helpdesk"
Caller: "Yes, I want you to delete all your records with my IP address in it..."
Helpdesk: "OK"
Caller: "and I want you to tell me who gave you my IP address."
Helpdesk: "Umm, well your computer will have sent us your IP address when you connected to the website"
Caller: "Oh, I don't think so, I have a very good firewall."
Helpdesk: "Hello, this the German National Bank Helpdesk"
Caller: "Yes, I want you to delete all your records with my IP address in it..."
Helpdesk: "Sure, and what is that IP address?"
Caller: "10.0.0.10"
Helpdesk: "Hello this is Ebay Germany, how can I help you."
Caller: "Could you please delete all records relating to my IP address."
Helpdesk: "Sure, do you know what the number is?"
Caller: "Didn't you make a note when you recorded it!"
Even if EU privacy law says IP addresses are protected personally-identifiable information, there will be instances where citizens are legally justified in processing and recording those addresses.
Benjamin Wright, Dallas, Texas, benjaminwright.us
How dare you compare the fine folks at The Onion to Fox news!?
Don't thank God, thank a doctor!
always a computer. Always.
The Kruger Dunning explains most post on
First: This is a good thing. It is a good thing especially for the individual.
Second: This is how things have been always been in most of Europe. The commissioner didn't change a ruling, he just said that he agrees with the consensus view. (Of course I don't know what the situation is in every European country, only for the ten or so.)
Personal data doesn't mean private. If fact, in many cases it is the opposite of private. In European practice, an individual has control over their own personal data. To use your personal data, I need your permission. Sometimes this permission needs to be implicit, as in using an IP address number to enable real time communication between two computers. In cases where the permission doesn't need to be implicit it isn't. An example would be if I wanted to store your IP after the real time communication between has ended. To be able to do so, I would have to tell you at the first opportunity that I am going to store your IP, what I'm going to do with it and how I'm going to protect it from other people. (Logging just for operational purposes is considered a special case, not requiring an explicit declarations, but that sort of assumes that your logging practices fall within the industry norms. Best thing would be to inform your user about your logging practices in any case.)
Computers are useless. They can only give you answers - Pablo Picasso