Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

As has been repeatedly argued in cases of IP-rights-holders-vs-sharers, an IP address on its own does not identify an individual. We argue that both ways depending on what suits us at the time, or we are as bad as the music industry flipping between “you bought the CD” and “you licensed the music” when it suits them to.


There's a huge difference between "identifiable enough to be legal evidence" and "identifiable enough to be unethical to collect".


This is only true in certain jurisdictions. The GDPR recitals specifically mention IP addresses as examples of personal data:

> Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.

from https://gdpr.eu/recital-30-online-identifiers-for-profiling-...

Further support for this interpretation in case the above comes off as "only if combined with other data": https://commission.europa.eu/law/law-topic/data-protection/r...


That's fair. (Though I certainly haven't argued it either way previously myself.)

I do think it makes your statement that cannot, "be linked back to you personally", a little less absolute.


That was someone-else's statement, not mine.

My take: An IP address is usually not, in fact almost always not, PII on its own, but there are circumstances where it is part of a package of data that is PII, and others where it could be considered “circumstantial PII”.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: