EU Official: IP Is Personal

Florian Weimer fw at deneb.enyo.de
Wed Jan 23 22:05:50 UTC 2008


* Eric Brunner-Williams:

> However, Google/DoubleClick claim they have the right to collect PII
> data and disclose less than their complete data collection policy, and
> in particular, claim that endpoint identifiers do not tend to identify
> individuals. Further, they assert a property claim on such collected
> data.

If IP addresses don't identify anything, why do they collect and keep
them?

Anyway, mandatory data retention seems to change the consensus whose job
it is to retain a certain level of perceived anonymity.  Even if the
retention policies do not actually change that much, it's usually
assumed that the ISPs do no good job at protecting customer identity
anymore.  (You have to see this in a context where most of the consumer
Internet connections change their assigned IP address at least once a
day, which explains the old expectation to some degree.)  Now that ISPs
are out of the loop, the attention turns to folks at higher protocol
levels.  Some folks probably think that by complaining loadly enough,
they might be hosting a Google Privacy Research Center soon, or
something like that. *sigh*



More information about the NANOG mailing list