[Foundation-l] Re: Privacy Protection for Users

Sun Oct 23 19:20:34 UTC 2005

> IP addresses are not personal data, they identify a machine and in most
> cases identify a machine leased to that address on a temporary basis.  I
> would posit that IP addresses are in fact extremely less private than a
> phone number is.  I can get someone's phone number and use any number of
> means to use that to get someone's name and address.  I cannot use an IP
> address to do the same thing UNLESS the entity that is leasing that
> information provides it.
> 
> This is specifically addressed in the point, on its face it plainly says
> "data relating to subscribers".  Clearly this point is intended for ISP's
> regarding their conduct in protecting a subscriber's right to privacy.  You
> can't jump from a right to privacy a user has with an ISP and then apply
> that to each and every entity that person contacts.
> 
> For instance, if some person decides to access my website and he posts
> something I don't like I can't go to his ISP and demand his information.
> However, if the same person sends an email to Jacque Chirac about how he is
> going to bomb the Eiffel Tower you can guarantee his ISP would be handing
> over his information as that clearly falls outside of "legitimate
> interests".  
> 
> However, the mere fact that I know that a certain IP posted something I
> didn't like on my website doesn't breech his privacy.  I can then, in turn,
> determine I wish to ban his address from my website because I don't like
> him, I own the site and that is my right.  He chose to visit my website and
> thus make some information available to me in doing so.
> 
> If you were right, what's next in the EU, you can't take down the license
> number of someone who ran you off the road because that's invading his
> privacy?

You forget one point : this is about personal data processing... one 
number is not a database, but if you begin taking down all the licenses 
of all the people who ran you off the road, then you will need to 
declare your database to the EU relevant institutions. Actually, my own 
website is declared to the french cnil, as well as most blogs or forums 
are.

I won't argue if IP collections should or should not be personal data. 
The point is that these directive consider that data needed to establish 
connections and to transmit information contain information on the 
private life of natural persons and that they are covered by the 
Directives. As of the text of 2002/58/CE, even cookies are considered to 
be personal data !

Then, some page on wikipedia should comply with this.