Peter Scharr, Germany’s data protection commissioner, leads the EU group preparing a report on how well the privacy policies of the various international search engines comply with EU privacy laws and whether these laws should be loosened or tightened. Based on a what he proposed during a hearing by the European parliament recently it looks like it will be a lot more restrictive than most search engines want it to be. Scharr said that when someone is identified by an IP address “it has to be regarded as personal data.”.
The implications for search engines such as Google and Microsoft are huge. Google always took the standpoint that an IP address simply identifies a computer and not a user. That may be technically correct but since most people own one computer and access the internet via their own connection they generally have the same IP address and can be identified pretty well. You can read an extensive article about the subject including feedback from Google, Microsoft and the Electronic Privacy Information Center (EPIC) at Yahoo News.
We asked Christiaan Alberdingk Thijm, online privacy expert, from law firm SOLV (who successfully defended KaZaA in court in 2002 in the Netherlands) to give us his opinion on the matter. He says “The question is what the consequences are of the EU’s approach. If an IP address is personal data, this means that every action online implicates that the data protection legislation is applicable. It will be impossible to enforce legislation with such a result. The better question to ask is whether your privacy is actually being invaded. The processing of data does not necessarily imply an invasion of privacy.”
It will be interesting to see what online services will do if their IP tracking practices become illegal in Europe. They could decide to have different policies for Europe than the rest of the world. But to do that they would have to track IP addresses first which is precisely the reason why they are tracking them now, they say.