[governance] IP Addresses Are Personal Data, E.U. Regulator Says

Meryem Marzouki marzouki at ras.eu.org
Mon Jan 28 13:42:38 EST 2008


Hi Andrea and all,

Le 24 janv. 08 à 09:36, Andrea Glorioso a écrit :

> Second, the fact that the WP29 considered an IP address to be  
> "personal
> data" in the sense of the relevant European data protection Directives
> has been known since some time - the WP29 has already issued some
> opinions on this particular point (I can provide the references if
> somebody is interested).

True it's not new, but reaffirming this is really important, as this  
commonly admitted (at least in Europe) status of the IP address as a  
personal data (more exactly, an "indirectly nominative data") is  
being questioned, most notably by IPR holders willing to take actions  
against P2P sharing activities. This has been the case in France,  
with courts backing this position from IPR holders, see: http:// 
www.edri.org/edrigram/number5.17/ip-personal-data-fr

> Again, these are *opinions*, not binding
> laws,

Unfortunately..

[...]

> Incidentally, once might also argue that deep-packet inspection
> ("network neutrality" anyone?)   breaches data protection laws across
> Europe, unless there is a clear consent from the end-user.  Care to
> guess how many ISPs in the EU actually do request that "clear
> consent"?

All of them.. by contract (you know, these "general conditions" that  
no one reads, especially when one needs to subscribe to an ISP  
anyway)! Actually, you cannot use the breaching of data protection  
law argument in this case - as long the data remains managed by the  
ISP and not disclosed to anyone else - since ISPs obviously need to  
process you data, starting from your IP address, to deliver the service.

So, the answer to Karl's question ("whether an ISP or core provider's  
use of a person's IP address to generate a TCP Reset packet (for the  
purpose of, for example, "slowing" bittorrent traffic) is a  
usurpation of that personally identifiable information") is no. This  
is indeed a network neutrality issue, but not a data protection issue.

Meryem____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance



More information about the Governance mailing list