back to article Anonymous web data can be personal data, claims expert

A data protection specialist claims that users can gain control of their browsing history and have it protected by the UK’s Data Protection Act just by contacting companies such as Google, Yahoo! and Microsoft and telling them their identities. There is debate in privacy circles about when identifying information such as a …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Not much use

    for those of us whose IPs change regularly depending on the ISP's pool. I bet Google et al would be delighted to be able to match up all those IPs with people, mind.

  2. Jerome 0


    Surely there's no obligation on Google to store the personally identifying data you're sending them? If no data is stored, then wouldn't the whole area of data protection remain as grey as it is now?

  3. Pete 2 Silver badge


    What this guy is arguing is true - but only if your IP address maps directly to you. Always. In the vast majority of cases, individuals use dynamic IP addresses, assigned by their ISPs. It is possible for the government to find out who was using which IP address at a particular time, but not for anyone else to discover this.

    When you take into account the time variable, things become even more blurred. When was the personal data (that this IP could like to a real person) submitted - the search engines may record the timestamp of a query, but do they let that out? I've never heard of it. So we are left with one constant: some personal information, and two variables: IP address and time of use. Without both of these extra pieces of data, there can be no link back to a person.


  4. Anonymous Coward


    My IP Address is assigned by DHCP from my ISP (BT). For what ever reason my link drops, when it re-establishes I have a new IP Address.

    When your IP Address is stored, does the ISP also store the details about the length of time it was assigned to and some other information to link it to you or do they just run a report and say at this time this IP Address is assigned to this person therefore you're responsible?

  5. Alex 5

    you click

    you create a click stream.

    that is a record of *your* activity.

    that *should* belong to you.

    I've had a gut full of these Marketards and their probing, prying fingers, if you want to make money off my click stream then you can bloody well pay me for the usage.

  6. Anonymous Coward
    Anonymous Coward

    So the paranoid could ...

    ... contact them and give them a plausible but incorrect "identity"; they'd be forced to treat the records as personal data, since they knew no better. But it still wouldn't identify you personally.

  7. Anonymous Coward


    ...they can just delete the data you send to them? They're not obliged to keep it or relate it to any other information they hold!

    Oh wait... Jerome 0 beat me to it.

  8. Anonymous Coward


    As it happens I have a static IP on my DSL account. I also have the reverse DNS for that IP as a domain name that I own. If I choose to not opt out of the who is database - making my full name and address available - does that mean that all records associated with my IP are already "personal data"?

  9. Anonymous Coward
    Anonymous Coward

    It's all BullPlop

    Unique IP address like a Unique Number Plate...

    My cars number plate never changes...For the sake of argument I have a personal plate that stays with me when I change the car...This is not, never has been and never will be persoanlly identifiable information. I can take pictures of other peoples cars and post them all over the web/on billboards/in TV adverts or news segments and not fall foul of any privacy laws.

    It only becomes personally identifyable when used in conjunction with other data sources (such as the DVLA tax database)...The same is true of the IP address. You need the ISPs database in order to get any useful info out of it other than the ISP the person is using (just like you can only identify the rough year of manufacture by the numberplate, and with personal ones only that the car is newer than the plate)

    Information submitted by the users is normally inaccurate but should be treated by the ISP in a secured way...Something that is being broadcast around everywhere you go doesn't need to be treated in the same way.

  10. Anonymous Coward
    Anonymous Coward

    The no-cost perception

    The perception among the masses is that surfing the web is free, aside from the monthly connection cost, etc. So if they have a connection then when they visit a page with google analytics they think it is free because they dont pay for the content with money. The problem is that if you cut off the ability for google et al to mine your data and target ads then google loses their revenue stream and then they cannot afford to serve 'free' content.

    Most people probably don't care that their data is mined. They have been conditioned to not care since they have been watching ads on TV since long before the internet.

    Most of the readers of articles like these know that if google wanted to they could easily match a login name or email or other similar form data back to a specific person. But I honestly think google doesnt care what your name is. They just want to know what you are willing to spend cold hard cash on.

    Is it worth giving up our 'free' content in exchange for keeping our privacy? Most people would say 'no'. Remember the experiment where people gave their email passwords away for free candybars? To the masses, most non-tangible digital information has no value to them. The internet is their drug and they get it for 'free'.

  11. Andy 75
    Thumb Up

    IPs may change but....

    But why not mine the ID associated with your cookie and claim that as yours?

    That is what google etc. uses afterall.

    Of course the alternative was always to regularly clear cookies out at which point each blip of data they gather is a smaller and therefore less valuable picture.

    I like the idea but I'd also like to see somebody else with legal training etc. back this up.

  12. Anonymous Coward

    Changing IPs - what's the problem

    I',m puzzled as to why people here (who should know better) seem to think the fact their IP *may* change sometimes makes the underlying premise of the article invalid.

    I haven't yet heard of people arguing that their IP *may* have changed in defence to a criminal charge. Of course not, the ISP keeps records of which IPs were allocated to which account, and when.

    As long as you notify google et al when your IP changes, then you are forcing their hand .....

  13. Anonymous Coward
    Anonymous Coward

    @DHCP... A/C

    The ISP will have all the details to enable it to tie an IP Address/Date stamp to an account. If something naughty (or otherwise) happened during the period that you were assigned that IP address, you'll have to prove that it wasn't you being naughty.

  14. James Micallef Silver badge
    Big Brother

    So let me get this right....

    If the RIAA or MPAA is nosing about and finds an IP address that's been filesharing, then the IP is personally identifiable data and they can prosecute based on it, but if google and co have teh same IP in all their records, then this is not personally identifiable data so they can do whatever they like with it???

    BB, obviously

  15. Anonymous Coward
    Anonymous Coward

    If it is personal data then what?

    Does the data become protected in such a way that it cannot be agregated and mined and the like? If so, then sign me up.

    There is no such thing as a 'free lunch' but I want to know what I'm paying for. If Google or whoever want to make money out of my agregated data then I want them to explicitly tell me more about it not just take turnover and profit from 3rd parties and say 'there, there, don't you worry your pretty little head, this is a complicated matter too difficult for mere mortals to understand but you must accept we do no harm...' I can do without 'free' content, but I'm not prepared to unwillingly forgoe my anonymity.

    I will pay for valuable content but I'll define the value to me and not some 3rd party or 'marketard'.

  16. Anonymous Coward
    Anonymous Coward

    @James Micallef

    I think you're muddling up the USA and the UK.

  17. WhatWasThat?

    DHCP, RIAA, MPAA, and YOU!

    DHCP works on a lease time - the only way you "lose" your IP address is if you are disconnected for longer than 1/2 the lease time and someone else gets it, or the ISP runs out of available IP addresses while you are off/dropped for a minute or two and you catch as catch can. If you are connected (router/modem, not necessarily your computer - sorry), you keep the same IP. In ALL cases, the ISP *knows* who you are EXACTLY. How else could they claim to know when you exceed bandwidth limits, eh? And just because you "never bring attention" to yourself does *not* mean that they aren't tracking you as a matter of course.

    Marketers: Your IP address does not identify one individual, but a collective of consumers of one or more tastes at a residence. We collect the browsing habits of the user(s) at the residence to better serve you, and reduce the flow of inapplicable ads you see.

    RIAA/MPAA: Your IP address does identify one individual, and any file sharing activity of copyright works means that you are a criminal and owe us money.

    YOU: Alright @ssholes, one way or the other. Either it does identify me, in which case make the collection illegal and put protections place (makes it harder for RIAA/MPAA to track you because of privacy protections, marketers increase cost / lose business), or It does not identify me (RIAA / MPAA have harder time pushing a legal case, marketer's perceived value decreases).

    Really, I don't see the problem here either way, eh?

  18. Anonymous Coward
    Anonymous Coward

    Correct me if I am wrong...

    in my house, I connect, ISP gets

    telno, username, password, and allocates an IP address for the duration of connection.

    username is assigned to me, joe bloggs, at blah de blah street, where I am billed.

    So it personal.

    Go to neighbours house, because my line is down, the only difference is the telno, BUT, if I log on with my username, then its ME, so its Personal?

  19. Anonymous Coward
    Black Helicopters

    Just a thought

    If you send the "Phorm UID" to Phorm along with a DPA Notice requesting all the stored information they have which applies to that UID.

    What happens?

  20. Covert Surfer

    Its the consumers responsibility

    Your IP Address changes if you have a dynamic IP, but those changes are recorded and stored by yor ISP. Giving your name to 'Google' to claim your IP Address as personal data is a waste of time, because they most likely already have it from their other data mining database. Search engine companies make their money via advertising and data mining, selling it to the retail market. It is up to the consumer to protect their personal information. Use a proxy service, automatically clean out your cookies and use a seure connection, all of which can be easily controlled by the consumer.

This topic is closed for new posts.

Other stories you might like

Biting the hand that feeds IT © 1998–2022