There is disagreement between European States about the status of IP addresses under data protection law.
Are they, or are they not, personal data?
FEDMA reports that according to the German authorities, dynamic IP addresses are personal data and therefore data controllers need to respect the requirement to collect “clear consent” before processing. But in February The Paris Appeal Court decided that an IP address alone cannot lead to the identification of an individual and therefore the collection of IP addresses can take place without prior notification to the French DP authority CNIL.
Here at home, the ICO has been arguing the case for inclusion of static IP addresses in the definition but has previously admitted that dynamic IP’s are unlikely to be covered if it is only an ISP who can link the address to an individual without any other identifying or distinguishing information.
Other recent items: