Data held by ISPs

Peter Fairbrother zenadsl6186 at
Tue Dec 23 11:47:16 GMT 2014

On 23/12/14 09:19, David Pick wrote:
> On 22/12/14 22:45, Mark Harrison wrote:
>> </snip>
>> IP addresses (of the subscriber) are personal data.
>> Although it's taken a long time for this to be nailed into law (rather
>> than denied by the MRD brigade).
>> </snip>
>> I'm surprised. IP addresses from ISP's are shared. They are rarely given
>> to end devices but rather routers that are also shared. How could they
>> be classed as identifiable? To whom under the law?
> To my mind it's not the IP address in isolation that's "Personal Data",
> it's the relationship between the IP address and a person. It is *very*
> important that it is acknowledged that this relationship exists because
> if the relationship is not acknowledged the possibilities for miscreants
> to identify people without the possibility of legal redress is enhanced.
> There are many forms the relationship can take ranging from registration
> in an Internet Registry database or the DNS through to logs from the
> CGNAT service used by an ISP. For each of these to be handled with the
> appropriate level of care the nature of the relationship to identifiable
> people must be recognised.

Yep - it's not necessary for data to be linked with a person in 
isolation; if it can be linked with a person in combination with some 
other data which might be obtained - eg ISP IP assignments - then it is 
personal data.

Or, the IP a personal email is sent from is personal data at that time.

PS I have a fixed IPv.4 IP address (actually 8 of them), packets 
addressed to which will come to my personal computer (or computers I 
run). It isn't that uncommon, most ISPs offer the choice of a fixed 
IPv.4 address even now, though they may charge extra.

When IPv.6 really gets going I suspect that most IPs will be fixed.

-- Peter Fairbrother

More information about the ukcrypto mailing list