nanog mailing list archives
Re: EU Official: IP Is Personal
From: Roland Perry <lists () internetpolicyagency com>
Date: Thu, 24 Jan 2008 12:31:27 +0000
In article <Pine.GSO.4.64.0801231750350.24354 () clifden donelan com>, Sean Donelan <sean () donelan com> writes
In the US, folks are fighting the RIAA claiming that an IP address isn'tenough to identify a person. In Europe, folks are fighting the Google claiming that an IP address is enough to identify a person. I guess it depends on which side of the pond you are on.
The European Data Protection perspective (which has been the same since 1999, and expressed quite robustly in 2000, no new ideas have suddenly appeared) is this: Many IP addresses *are* enough to identify a person. Although sometimes you need additional information. The law talks about "identifying directly or indirectly", the latter as a result of having some *other* information available[1]. It's not a case of getting a hit based on IP address alone (which in any event needs at least a registry lookup to turn into a person's name). And therefore because *some* IP addresses indisputably identify people, you must put in place precautions to handle *all* such information appropriately (IP addresses don't come with a bit set to say "I'm an identifiable user" or "I'm not"). That's just the way European Law works. The American perspective might be (and I'm guessing here) that if only *some* IP addresses identify people, you should assume that *all* IP addresses are unreliable identifiers. [Many of the comments in this thread express somewhat of that view]. That might even be a good idea in a shoot-first ask-questions-later environment. My advice would be to try *not* to deploy such an environment :) [1] In the case of being a dial-up ISP, the RADIUS logs; others have mentioned the association between commercial wifi connections and their (roaming) subscribers. -- Roland Perry
Current thread:
- Re: EU Official: IP Is Personal, (continued)
- Re: EU Official: IP Is Personal Jeff McAdams (Jan 24)
- RE: EU Official: IP Is Personal Rod Beck (Jan 24)
- Re: EU Official: IP Is Personal Scott McGrath (Jan 24)
- Re: EU Official: IP Is Personal Scott Francis (Jan 24)
- Re: EU Official: IP Is Personal Robin Stevens (Jan 24)
- Re: EU Official: IP Is Personal J. Oquendo (Jan 24)
- Re: EU Official: IP Is Personal Owen DeLong (Jan 24)
- Re: EU Official: IP Is Personal Joel Jaeggli (Jan 24)
- The EU's and Google's official positions (was: EU Official: IP Is Personal) michael.dillon (Jan 25)
- Re: EU Official: IP Is Personal Valdis . Kletnieks (Jan 24)
- Re: EU Official: IP Is Personal Roland Perry (Jan 24)
- Re: EU Official: IP Is Personal Joe Greco (Jan 23)
- Re: EU Official: IP Is Personal Valdis . Kletnieks (Jan 24)
- Re: EU Official: IP Is Personal Owen DeLong (Jan 24)
- Re: EU Official: IP Is Personal Valdis . Kletnieks (Jan 24)
- Re: EU Official: IP Is Personal Hank Nussbacher (Jan 25)
- Re: EU Official: IP Is Personal Matt Palmer (Jan 25)
- Re: EU Official: IP Is Personal Roland Perry (Jan 25)
- Re: EU Official: IP Is Personal Andy Davidson (Jan 25)