Privacy Protection for Users (was: Re: [Foundation-l] Re: Privacy concerns)

W. Guy Finley wgfinley at dynascope.com
Sun Oct 23 18:57:54 UTC 2005


On 10/23/05 1:20 PM, "Jean-Baptiste Soufron" <jbsoufron at gmail.com> wrote:

> 
> Well you can argue that they are wrong, but from a legal point of view,
> IP numbers are personal data. I just wrote a piece of paper about all of
> this :
> 
> http://soufron.free.fr/soufron-spip/article.php3?id_article=103
> 
> That may surprise most wikipedians, but from a legal point of view, it¹s
> impossible to pretend that IP numbers are not personal data. This point
> is addressed by point 25 and 26 of 2002/58/CE stating that :
> 
> "The data relating to subscribers processed within electronic
> communications networks to establish connections and to transmit
> information contain information on the private life of natural persons
> and concern the right to respect for their correspondence or concern the
> legitimate interests of legal persons."
> 
> 
> 

IP addresses are not personal data, they identify a machine and in most
cases identify a machine leased to that address on a temporary basis.  I
would posit that IP addresses are in fact extremely less private than a
phone number is.  I can get someone's phone number and use any number of
means to use that to get someone's name and address.  I cannot use an IP
address to do the same thing UNLESS the entity that is leasing that
information provides it.

This is specifically addressed in the point, on its face it plainly says
"data relating to subscribers".  Clearly this point is intended for ISP's
regarding their conduct in protecting a subscriber's right to privacy.  You
can't jump from a right to privacy a user has with an ISP and then apply
that to each and every entity that person contacts.

For instance, if some person decides to access my website and he posts
something I don't like I can't go to his ISP and demand his information.
However, if the same person sends an email to Jacque Chirac about how he is
going to bomb the Eiffel Tower you can guarantee his ISP would be handing
over his information as that clearly falls outside of "legitimate
interests".  

However, the mere fact that I know that a certain IP posted something I
didn't like on my website doesn't breech his privacy.  I can then, in turn,
determine I wish to ban his address from my website because I don't like
him, I own the site and that is my right.  He chose to visit my website and
thus make some information available to me in doing so.

If you were right, what's next in the EU, you can't take down the license
number of someone who ran you off the road because that's invading his
privacy?

--Guy





More information about the foundation-l mailing list