SEARCH:
washingtonpost.com
Web
| Search Archives

IP Addresses Are Personal Data, E.U. Regulator Says

Peter Scharr, Germany's data-protection chief, heads a panel on Internet privacy.
Peter Scharr, Germany's data-protection chief, heads a panel on Internet privacy. (By Roberto Pfeil -- Associated Press)

TOOLBOX

Resize Text

Save/Share +
Print This
E-mail This

COMMENT

Discussion Policy
CLOSE
Comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions. You are fully responsible for the content that you post.

Who's Blogging

» Links to this article
By Aoife White
Associated Press
Tuesday, January 22, 2008; Page D01

BRUSSELS -- IP addresses, strings of numbers that identify computers on the Internet, should generally be regarded as personal information, the head of the European Union's group of data privacy regulators said Monday.

Germany's data-protection commissioner, Peter Scharr, leads the E.U. group, which is preparing a report on how well the privacy policies of Internet search engines operated by Google, Yahoo, Microsoft and others comply with E.U. privacy law.

Scharr told a European Parliament hearing on online data protection that when someone is identified by an IP, or Internet protocol, address, "then it has to be regarded as personal data."

His view differs from that of Google, which insists an IP address merely identifies the location of a computer, not who the individual user is. That is true but does not take into consideration that many people regularly use the same computer and IP address.

Scharr acknowledged that IP addresses for a computer may not always be personal or linked to an individual. For example, some computers in Internet cafes or offices are used by several people.

These exceptions have not stopped the emergence of a host of "whois" Internet sites, which allow users to type in an IP address and will then generate a name for the person or company linked to it.

Treating IP addresses as personal information would have implications for how search engines record data.

Google was the first last year to cut the time it stored search information to 18 months. It also reduced the time limit on the cookies that collect information on how people use the Internet from a default of 30 years to an automatic expiration in two years.

A privacy advocate at the nonprofit Electronic Privacy Information Center said it was "absurd" for Google to claim that stripping out the last two figures from the stored IP address made the address impossible to identify by making it one of 256 possible configurations.

"It's one of the things that make computer people giggle," the center's executive director, Marc Rotenberg, said. "The more the companies know about you, the more commercial value is obtained."

Google's global privacy counsel, Peter Fleischer, said Google collects IP addresses to give customers a more accurate service because it knows what part of the world a search result comes from and what language is used -- and that was not enough to identify an individual user.

"If someone taps in 'football,' you get different results in London than in New York," he said.


CONTINUED     1        >

© 2008 The Washington Post Company