IP addresses, the string of numbers that identify computers on the Internet, should generally be regarded as personal information, the head...
BRUSSELS, Belgium — IP addresses, the string of numbers that identify computers on the Internet, should generally be regarded as personal information, the head of the European Union’s group of data-privacy regulators said Monday.
Germany’s data-protection commissioner, Peter Scharr, leads the EU group preparing a report on how well the privacy policies of Internet search engines operated by Google, Yahoo, Microsoft and others comply with EU privacy law.
He told a European Parliament hearing that when someone is identified by an IP, or Internet protocol, address “then it has to be regarded as personal data.”
Most Read Business Stories
His view differs from that of Google, which insists an IP address merely identifies the location of a computer, not who the individual user is — something strictly true but which does not recognize that many regularly use the same computer terminal and IP address.
Treating IP addresses as personal information would have implications for how search engines record data.
Google led the pack by being the first last year to cut the time it stored search information to 18 months. It also reduced the time limit on the cookies that collect information on how people use the Internet from a default of 30 years to an automatic expiration in two years.
But a privacy advocate at the nonprofit Electronic Privacy Information Center, or EPIC, said it was “absurd” for Google to claim that stripping out the last two figures from the stored IP address made the address impossible to identify by making it one of 256 possible configurations.
“It’s one of the things that make computer people giggle,” EPIC executive director Marc Rotenberg told The Associated Press. “The more the companies know about you, the more commercial value is obtained.”
Google’s global privacy counsel, Peter Fleischer, however, said Google collects IP addresses to give customers a more accurate service because it knows what part of the world a search result comes from and what language they use — and that was not enough to identify an individual user.
“If someone taps in ‘football’ you get different results in London than in New York,” he said.
Microsoft does not record the IP address that identifies an individual computer when it logs search terms.
Its Internet strategy relies on users logging into the Passport network that is linked to its popular Hotmail and Messenger services.
The company’s European Internet policy director, Thomas Myrup Kristensen, described the move as part of Microsoft’s commitment to privacy.