IP Addresses as PII
The cluster centers on debates about whether IP addresses constitute personally identifiable information (PII) or personal data under GDPR, with arguments varying on whether they identify individuals directly, indirectly, or only when combined with other data.
Activity Over Time
Top Contributors
Keywords
Sample Comments
An IP address is personal data, it’s only PII in combination with other data. Don’t collect the other data if you don’t need to.
Mind you an IP address is personal data only if it identifies an individual. Same goes with any other information.
But IPs are considered personal data by GDPR
It doesn't. It says:> Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, ... or a computer IP address.Emphasis mine.I said:> IPs don't count as long as you're collecting them for security purposes and don't have a way to identify a person using the IP.
It's not personally identifiable data, so probably not.
Are IP addresses personally identifiable information under GDPR?
There's no PII or remote possibility of linking it back to the person, so no.
You might want to actually read the GDPR. IP addresses are PII.
Are IP addresses considered PII or not? I remember there being multiple conflicting conclusions on that
Actually, the law is defined quite broadly, not restricting itself to "name, IP, email".Have you considered how a combination of innocuous data points, such as "browser + city + top 3 popular sites" can make a person uniquely identifiable?Or any other of the billions of combinations of your browsing patterns or seemingly random daily activities. Your entropy fingerprint, if you will.Check out "differential privacy" to learn more [0].We've built a pr