Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

First, an IP address is considered personal data in the EU.

Second, an IP address is not enough, it may change or be shared. The advertisers ‘need’ to track you forever to serve you relevant ads. So they devise all kinds of tricks to do so.



> First, an IP address is considered personal data in the EU.

I don’t believe that’s true. To my knowledge, GDPR only treats IP address as personal data if it is associated with actual identifying information (like name or address). Collecting IP address alone, and not associating it with anything else, is completely fine (otherwise nginx and apache's default configs would violate GDPR), and through them basically every website would violate GDPR.


That's correct. IP addresses are not personal data in themselves but they may become so if further data are collected or accessible which allow to identify individuals when used together with IP addresses.


Collecting IP addresses and linking them to a user ID is considered PII as far as I know.


So the idea is that you can’t legally collect information in private that you can technically collect.

As long as a company is able to keep it a secret, they won’t get caught.

Witness the hundreds of violations of public trust by Facebook:

https://www.independent.co.uk/tech/facebook-app-recording-ca...

The only complete solution is technological!


CGNAT complicates matters even further. Sometimes I'm placed way off within <country> if a site tries to go by GeoIP databases, as the provider placed a bunch of households behind a single address.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: