Is the IP address personal data? In most cases no: it does not allow you to trace the person behind the screen. It is Google to reiterate its position in the debate that arose last month within the European Commission.
It was the Article 29 Data Protection Working Party that raised the question: the IP address should be considered as personal data and as such should be subjected to appropriate safeguards, the German Privacy Guarantor Peter Schaar had asked, pending of a report that will guide the regulatory activity of the European Community.
To return to clarify its position in the light of Schaar's warning, Google has rekindled the debate by posting on its Public Policy Blog and weaving a dialogue with those who have addressed the topic online. BigG is convinced of this: the IP address cannot even be compared to a personal data, at least as regards the use that search engines make of it.
To clarify BigG's position is Alma Whitten, software engineer of the Mountain View giant: "Saying that IP addresses are personal data in any case is a statement that incorrectly suggests that each IP address can be associated with a specific individual ". The facts prove it. In the first place, providers who assign the IP address with which the user is represented online often assign dynamic IP addresses. Furthermore, those who connect via PDA or laptop and take advantage of connectivity in different environments, also show themselves online with different IP addresses depending on whether they are connecting from work, rather than from an airport, from home or from an Internet Café. Only the providers know how to associate the IP to a subscriber. But not even the provider, Whitten recalls, is sure of knowing who is behind the IP: Internet subscriptions are shared between family members.
Therefore, there is no possibility for Google to track user behavior and build superprofiles to be bombarded with ad hoc advertising and services: the IP address will continue to be used to thwart click fraud, for a mild customization of services, to extract trends. on which to graft marketing strategies. Based on these arguments, Whitten concludes that “the IP addresses registered by each site on the Planet without adding some information cannot be considered personal data, as websites cannot identify the people behind these strings of numbers. ".
But there are those who disagree: a painstaking operation of composition of the informative puzzle it could transform the IP into personal data, into a link between a person and their behavior on the net. This is supported by Mark Rotenberg, representative of the Electronic Privacy Information Center (EPIC), to underline it is the New York Times: knowing someone's IP address at a given moment unlocks access to other information with regard to the life of the person to whom it is assigned, it is a sort of partial personal data.
But this is an operation only possible for ISPs , not for a search engine, replies Google through the words of Matt Cutts: "Still many people believe that privacy is undermined by search engines instead of ISPs, even if some ISPs sell users' online sessions to third parties" .
On the same line, the comment of Peter Fleischer, head of privacy for the Mountain View giant: Google cannot trace the person carrying out a search. It is unable to do this because the user may be sharing the IP address with other users, with people using the same machine.
The difference, Fleischer notes, lies in the difference between identification and individualization : the IP address, as used by Google, can individualize and personalize a service based on the information that the IP address carries with it, but cannot in any way identify a person. Privacy laws, Fleischer reiterates, should regulate situations in which a person's identity is exposed. Regulating individualisation, on the other hand, would not only go beyond the protection of confidentiality, but would represent an obstacle to innovation.
Gaia BottàGoogle: the IP address does not identify anyone