Site Sponsor:

mcafee_logo.gif
line

Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Dan or post a comment to the blog.

« Updated: Lost Tape Not Necessarily a Data Leak | Main | When Bad Things Happen to Good Web Sites »

Should Your IP Address Be Treated as Private Information?

A potential privacy storm is brewing in Europe over one of the most basic methods of tracking individuals on the Internet: a computer's IP address. Now of course IP addresses aren't tied to a particular person and they aren't even MAC addresses which are tied to network hardware but they work well enough as personal identifiers.

The Associated Press says:

Germany's data protection commissioner, Peter Scharr, leads the EU group preparing a report on how well the privacy policies of Internet search engines operated by Google Inc., Yahoo Inc., Microsoft Corp. and others comply with EU privacy law.

He told a European Parliament hearing on online data protection that when someone is identified by an IP, or Internet protocol, address "then it has to be regarded as personal data.

"

Google privacy counsel argues (from the Register):

"There is no black and white answer: sometimes an IP address can be considered as personal data and sometimes not, it depends on the context, and which personal information it reveals."

Yes, but if measured how often an Internet browsing session from an IP address is associated with a single individual we'd probably find the vast majority of cases have one person using one IP address. (Does anyone know of any hard data on this, if so, please post a comment below).

And Marc Rotenberg of EPIC also quoted in the Register points out:

"...but we are moving towards the IP6 model, for which it will be even more the case that IP addresses will be personably identifiable".

Here is a case where the general rule holds but there are plenty of exceptions.

The EU has demonstrated a willingness to extend broad privacy protections to its citizens, much more than we tend to find in the US. Remember the EU Privacy Directives and the Safe Harbor agreement? We may find a similar split with respect to IP as personal information. The debate isn't over in the EU but if history is any indication, this issue will be settled in favor or privacy protections. This could lead to different Internet experiences for EU citizens from those of the rest of the world. It's an open question who will be better off but I suspect it will the the Europeans.

Tags:              
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Dan Sullivan on January 22, 2008 9:21 AM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-websecurity.com/type/mt-tb.cgi/602

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Latest White Papers

line

Blog Roll

line

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net