Google responde a la Union Europea y dice que la direccion IP no es un dato personal.

Google responde a la Union Europea y dice que la direccion IP no es

dato personal.  

¿Es la direccion IP un dato personal? 

Are IP addresses personal?

Friday, February 22, 2008 at 12:31 PM

Posted by Alma Whitten, Software Engineer

To protect privacy, you first have to identify what data is personal. That’s why there has been a lot of discussion in recent months around the world to try to define “personal data” (as it is referred to in Europe), or “personally identifiable information” (as it’s called in the U.S.).

The discussion is a broad one: as the world’s information moves online, how should we protect our privacy? What pieces of data can identify us as individuals, directly or indirectly? For instance, your name, address, phone number, social security number and your fingerprints are all personal data, since all of them can be used to identify you as an individual. But many people have raised the question of whether an IP address is personal data. To decide whether this is the case, it’s helpful to first understand the technical workings.

An Internet Protocol (IP) address is an address for a computer on the Internet, which exists to allow data to be delivered to that computer. When you enter a website’s name – like http://www.google.com – that is actually a handy shortcut for the website’s IP address – right now, one of Google’s is http://72.14.207.99/. So when a website needs to send your computer something (for instance, your Google search results), it needs your IP address to send it to the right computer.

The situation gets a bit more complex, though, because the IP addresses that people use can change frequently. For instance, your Internet service provider (ISP) may have a block of 20,000 IP addresses and 40,000 customers. Since not everyone is connected at the same time, the ISP assigns a different IP address to each computer that connects, and reassigns it when they disconnect (the actual system is a bit more complex, but this is representative of how it works). Most ISPs and businesses use a variation of this “dynamic” type of assigning IP addresses, for the simple reason that it allows them to optimize their resources.

Because of this, the IP address assigned to your computer one day may get assigned to several other computers before a week has passed. If you, like me, have a laptop that you use at work, at home, and at your corner café, you are changing IP addresses constantly. And if you share your computer or even just your connection to your ISP with your family, then multiple people are sharing one IP address.

So, back to our initial question: is an IP address personal data, or, in other words, can you figure out who someone is from an IP address? A black-and-white declaration that all IP addresses are always personal data incorrectly suggests that every IP address can be associated with a specific individual. In some contexts this is more true: if you’re an ISP and you assign an IP address to a computer that connects under a particular subscriber’s account, and you know the name and address of the person who holds that account, then that IP address is more like personal data, even though multiple people could still be using it. On the other hand, the IP addresses recorded by every website on the planet without additional information should not be considered personal data, because these websites usually cannot identify the human beings behind these number strings.

At Google, we know that user trust is fundamental to our success; users will stop choosing to use Google products and services if they can’t trust us with their data. For this reason, we have made moves to safeguard that privacy, like anonymizing our logs and worked with privacy groups on initiatives like shortening cookie length. We have proposed broad global privacy standards, and are strong supporters of the idea that data protection laws should apply to any data that could identify you. The reality is though that in most cases, an IP address without additional information cannot. The policy debate about data protection and IP addresses will continue, but it’s important to have a firm grasp of the technical realities of the debate in order to reach conclusions that make sense.

Fuente:

 

http://googlepublicpolicy.blogspot.com/2008/02/are-ip-addresses-personal.html  

 

 

 

 

 

La Union Europea recuerda que la direccion IP es un dato personal.

La Union Europea recuerda que la direccion IP es un dat personal y que debe cumplirse la directiva europea 95-46-EC. 

ARTICLE 29 Data Protection Working Party  

This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent European advisory body on data 

protection and privacy. Its tasks are described in Article 30 of Directive 95/46/EC and Article 15 of Directive 2002/58/EC.  

The secretariat is provided by Directorate C (Civil Justice, Rights and Citizenship) of the European Commission, Directorate General Justice, Freedom and Security, B-1049 Brussels, Belgium, Office No LX-46 01/43. 

Website: http://europa.eu.int/comm/justice_home/fsj/privacy/index_en.htm  

Press Release  Communiqué de presse  Mitteilung für die Presse 

 

Brussels, 19 February 2008 

 

ARTICLE 29 DATA PROTECTION WORKING PARTY  

The Art. 29 WP elected its new chairman and vice chairman, decided upon its work programme for the next two years, adopted an opinion on children’ privacy,  resolved to continue its joint enforcement measures, and prepared for the next Safe Harbor Conference to take place in Brussels later this year. 

New Chairman and Vice Chairman: The Art. 29 WP elected Alex Türk, the head of the French Data Protection Authority as its next chairman. Jacob Kohnstamm, the president of  the Dutch Data Protection Authority, became the new vice chairman. Türk has already served  as vice chairman during the term of his predecessor, ensuring that an experienced data protection specialist will remain at the helm of the group in the face of diverse challenges. He now has a mandate to lead the group for the next two years. In his farewell address, the departing chairman, Peter Schaar, thanked the group for their overwhelming support during his tenure, and wished his successor good luck and success.  

Search Engines: The WP continued its deliberations on a long-awaited working paper on search engines, with a view to finalising this work in the course of the next months. As the use of search engines becomes a daily routine for an ever growing number of citizens, the protection of the users’ privacy and the guaranteeing of their rights, such as the right to access to their data and the right to information as provided for by the applicable data protection regulations, remain the core issues of the ongoing debate. Search engines fall under the EU Data Protection Directive 95/46/EC if there are controllers collecting users’ IP addresses or search history information, and therefore have to comply with relevant provisions. These provisions also apply to such controllers who have their headquarters outside the EU, but only an establishment in one of the EU Member States, or who use automated equipment based in one of the Member States for the purposes of processing personal data.  

Bi-annual Work programme 2008/9: Many vital issues remain on the agenda of the Art. 29 WP. This is particularly true in light of new developments such as the deployment of RFID chips on consumer products, and electronic toll systems. In its new bi-annual programme, the WP made it clear that it wants to keep abreast of such developments in order to be able to inform citizens about data protection related issues and to find privacy enhancing solutions when it comes to new technological applications.  

The growing plans of governments around the world to track travellers through surveillance mechanisms raise alarm bells in the data protection world. Social networks and behavioural targeting pose many privacy related challenges which need to be examined and adequately addressed. Legal instruments to ensure the smooth transfer of personal data from Europe to countries without an adequate level of data protection, such as binding corporate rules (BCRs) or standard contractual clauses, require the further attention of the group and a continual dialogue with the industry. 

Children and Privacy: Children have never been the primary addressees of a Working Paper. In the framework of the Commission initiative “Towards an EU strategy on the Rights of children” the WP wanted to provide its input, and issued a comprehensive document dealing with the legal and practical aspects of children and the protection of their privacy. 

Children should learn from an early stage to respect the privacy of others, and that they themselves have to protect their personal data. The adopted document is specifically aimed at school authorities who collect and process many data including sensitive data not only about pupils, but also about their representatives. Awareness raising among teachers and pupils is, therefore, one of the main objectives of the opinion.  

The WP decided to invite all those handling children’s data to comment on the document, which should be considered a first step towards a better understanding of children’ s needs and rights in this field. Following the public consultation the WP might embark on other aspects of children’s privacy. 

Safe Harbor Conference: Following last year’s successful Safe Harbor Conference in Washington, a follow-up event will take place in the course of this year. By hosting this year’s conference in Brussels the WP underlines its commitment to engage with the US authorities on all pending questions of shared interest and to strengthen mutual trust and understanding. The Safe Harbor scheme has proved to be an invaluable instrument for the industry to transfer personal data to the US, and should be further developed. A permanent working group has therefore been established jointly by the EU and the US to work on proposals aimed at tackling pending questions such as enhancing transparency and promoting acceptance.  

In view of global developments such as the threats of terrorism and the ever growing appetite of law enforcement agencies to use citizen’s data for their purposes, the WP also stresses the need for a constant dialogue with the US with the aim of finding global answers to the challenges posed by an interdependent world.      

Data Protection Day: The second Data Protection Day, which fell on 28 January 2008, proved to be a great success. The WP evaluated the numerous measures undertaken in all EU Member States to share experiences and promote best practices. The Data Protection Authorities found various ways to reach out to their citizens, particularly young people, to raise awareness. The media reported extensively about current privacy issues, and politicians engaged with their citizens in countless events across Europe. Following the recent scandals in some Member States, European citizens are more and more concerned about the way in which government agencies and private businesses handle their personal data. The large scale breaches of data protection provisions in the recent past have to be taken seriously to address these concerns. Much needs to be done to improve the poor picture which emerges out of careless practices to re-establish trust and confidence.     

Background information 

The Article 29 Working Party on the Protection of Individuals with regard to the Processing of Personal Data is an independent advisory body on data protection and privacy, set up under 

Article 29 of the Data Protection Directive 95/46/EC. It is composed of representatives from the national data protection authorities of the EU Member States, the European Data Protection Supervisor and the European Commission.  Its tasks are described in Article 30 of Directive 95/46/EC and Article 15 of Directive 2002/58/EC. The WP is competent to examine questions covering the application of the national measures adopted under the data protection directives in order to contribute to the uniform application of the directives. It carries out this task by issuing recommendations, opinions and working documents.