Friday, February 22, 2008
To protect privacy, you first have to identify what data is personal. That’s why there has been a lot of discussion in recent months around the world to try to define “personal data” (as it is referred to in Europe), or “personally identifiable information” (as it’s called in the U.S.).
The discussion is a broad one: as the world’s information moves online, how should we protect our privacy? What pieces of data can identify us as individuals, directly or indirectly? For instance, your name, address, phone number, social security number and your fingerprints are all personal data, since all of them can be used to identify you as an individual. But many people have raised the question of whether an IP address is personal data. To decide whether this is the case, it's helpful to first understand the technical workings.
An Internet Protocol (IP) address is an address for a computer on the Internet, which exists to allow data to be delivered to that computer. When you enter a website's name - like http://www.google.com - that is actually a handy shortcut for the website's IP address - right now, one of Google's is http://220.127.116.11/. So when a website needs to send your computer something (for instance, your Google search results), it needs your IP address to send it to the right computer.
The situation gets a bit more complex, though, because the IP addresses that people use can change frequently. For instance, your Internet service provider (ISP) may have a block of 20,000 IP addresses and 40,000 customers. Since not everyone is connected at the same time, the ISP assigns a different IP address to each computer that connects, and reassigns it when they disconnect (the actual system is a bit more complex, but this is representative of how it works). Most ISPs and businesses use a variation of this "dynamic" type of assigning IP addresses, for the simple reason that it allows them to optimize their resources.
Because of this, the IP address assigned to your computer one day may get assigned to several other computers before a week has passed. If you, like me, have a laptop that you use at work, at home, and at your corner café, you are changing IP addresses constantly. And if you share your computer or even just your connection to your ISP with your family, then multiple people are sharing one IP address.
So, back to our initial question: is an IP address personal data, or, in other words, can you figure out who someone is from an IP address? A black-and-white declaration that all IP addresses are always personal data incorrectly suggests that every IP address can be associated with a specific individual. In some contexts this is more true: if you're an ISP and you assign an IP address to a computer that connects under a particular subscriber's account, and you know the name and address of the person who holds that account, then that IP address is more like personal data, even though multiple people could still be using it. On the other hand, the IP addresses recorded by every website on the planet without additional information should not be considered personal data, because these websites usually cannot identify the human beings behind these number strings.
At Google, we know that user trust is fundamental to our success; users will stop choosing to use Google products and services if they can't trust us with their data. For this reason, we have made moves to safeguard that privacy, like anonymizing our logs and worked with privacy groups on initiatives like shortening cookie length. We have proposed broad global privacy standards, and are strong supporters of the idea that data protection laws should apply to any data that could identify you. The reality is though that in most cases, an IP address without additional information cannot. The policy debate about data protection and IP addresses will continue, but it’s important to have a firm grasp of the technical realities of the debate in order to reach conclusions that make sense.