Full Disclosure

Roland Perry ukcrypto at chiark.greenend.org.uk
Wed, 30 Apr 2008 07:58:03 +0100


In article <7b6bd0c90804292254s5dc7172ci66d0b8cbd501c76b@mail.gmail.com>,
Joel Harrison <joeldharrison@googlemail.com> writes
>Inherent in the DPA's definition of personal data is that the
>information necessary to identify the individual must be in the
>possession, or be likely to come into the possession, of the data
>controller.  That's been in the DPA since day one.  Now, that would
>prevent a dynamically allocated IP address from being personal data in
>the search engine's hands, because the search engine doesn't have
>access to the ISP's logs.  It is also arguable that even static IP
>addresses aren't personal data in the search engine's hands, because
>the search engine may swear blind that it would never, ever run an IP
>Whois lookup against the IP address and derive the necessary
>information about the person to whom the IP address is allocated.

I disagree with this line of argument in two ways:

1) It's not relevant whether the IP addresses are Static, Dynamic, or 
Fixed (dynamic technology but assigned an unchanging address). Because 
it's not immediately obvious which is which (in a general case), all 
must be treated the same.

2) Plenty of IP addresses can be associated with an individual without 
access to the information that an ISP has on file. Archives of mailing 
lists such as this, and Usenet, all contain a rich source of IP 
addresses. It has already been discussed (as a criticism of Phorm) how a 
search engine can come to conclusions about an individual simply from 
the searches they do, with examples. And as in #1 above, because some IP 
addresses can be traced in that way, then all of them should be 
protected.
-- 
Roland Perry