A federal judge for the United States District Court in Seattle has ruled that IP addresses are not personally identifiable information. ‘In order for “personally identifiable information” to be personally identifiable, it must identify a person. But an IP address identifies a computer,’ US District Court Judge Richard Jones said in a written decision.
The ruling came in response to a class action lawsuit filed in 2006 by consumers against Microsoft when a Windows update installed new anti-piracy software onto computers.
This ruling contradicts a European Union decision from January 2009 where Germany’s data-protection commissioner, Peter Scharr told a European Parliament hearing on online data protection reviewing the practices of search engines that when someone is identified by an IP, or Internet protocol, address, ‘then it has to be regarded as personal data.’
As soon as you visit any website, your IP address is available to that site. Websites typically collect a record of all IP addresses that visit, combined with information about the time of the visit, even if this record is never leveraged or associated to an individual. This information is useful because it indicates which ISP you use, and – with some exceptions – your general location like the city in which you live.
Unlike general websites, ISP’s know who you are even if your IP address is dynamic (meaning it changes periodically or every time you connect to the internet) because they know what number was allocated to which customer and when.