IP addresses, strings of numbers that identify computers on the Internet, should generally be regarded as personal information, the head of the European Union's group of data privacy regulators said Monday.
Peter Scharr, Germany's data protection commissioner as well as head of the EU data privacy group, told a European Parliament hearing that when an IP, or internet protocol, address identifies an individual user, then it must be considered personal data. Scharr's team has been commissioned to report on Internet search engine providers such as Google, Microsoft, and Yahoo, and examine how their Internet privacy policies stack up against E.U. privacy law.
Companies like Google disagree with his conclusion because knowing the IP address of a certain computer doesn't necessarily tell you who is on that computer at any moment. A point Scharr concedes as computers with Internet access at cafés, libraries, and offices are examples of computers with multiple users per IP address.
However, "WHOIS" Web sites have popped up where a user can type in an IP address and receive the name of the person or company identified with it.
The AP says if IP addresses become privileged personal data, this will have a far-ranging effect on how search engines record data.
Google says it needs to store search queries and gather information on online activity to improve its search results and to provide advertisers with correct billing information that shows that genuine users are clicking on online ads.
Internet "click fraud" can be tracked by showing that the same IP address is jumping repeatedly to the same ad. Advertisers pay for each time a different person views the ad, so dozens of views by the same person can rack up costs without giving the company the publicity it wanted.
On the other side of the Atlantic, CRMDaily.com reports that the Federal Trade Commission's verdict on whether IP addresses constitute private, and thus protected, information is still out.