Google on Privacy: Are IPs Personal?

The EU came forth last week with some disturbing news for the search engines, that IP addresses should be considered personal information and thus should not be stored. Instantly, that covers the whole cookies problem that many people have, storing preferences and settings against their will.

Google's Privacy Policy Blog addresses the same issues in what seems to be a plea for the EU to not go down that road. At first. According to it, there are two sides to the story. First, it argues that many Internet Service Providers have a dynamic IP allocation service, giving a computer an address when it logs into the network and then supplying the same IP to others when it logs out. "Because of this, the IP address assigned to your computer one day may get assigned to several other computers before a week has passed," Alma Whitten writes. Using a laptop in hot spots is another variant to consider when talking about IPs being treated as personal information.

"Back to our initial question: is an IP address personal data, or, in other words, can you figure out who someone is from an IP address? A black-and-white declaration that all IP addresses are always personal data incorrectly suggests that every IP address can be associated with a specific individual", Alma continues. The second side to the story is when it comes to other ISPs, as they clearly link an IP address to a particular computer, by contract, in which a name is held accountable for the actions performed while using that PC. And even so, most websites record Ips, but they cannot track back the string of numbers to identify a person by it without additional information.

"At Google, we know that user trust is fundamental to our success; users will stop choosing to use Google products and services if they can't trust us with their data. For this reason, we have made moves to safeguard that privacy, like anonymizing our logs and worked with privacy groups on initiatives like shortening cookie length. We have proposed broad global privacy standards, and are strong supporters of the idea that data protection laws should apply to any data that could identify you," Whitten points out. The trouble is that shortening cookies does not make a difference, the data is still stored, just for one year and a half instead of more.