Sometimes "John Smith" identifies a particular individual; sometimes not.
Renzo Marchini
Special Counsel
Dechert LLP
+44 20 7184 7563 Direct
On 31 Jan 2015, at 16:31, Roland Perry <[log in to unmask]<mailto:[log in to unmask]>> wrote:
In message <[log in to unmask]<mailto:[log in to unmask]>>, at 12:48:03 on Sat, 31 Jan 2015, Michael Bacon - Grimbaldus <[log in to unmask]<mailto:[log in to unmask]>> writes
Some real scenarios from retail clients:
1) An account customer (#1) places an order online from home. The retailer's firewall captures the IP address. The stored account details include the customer's name, address, home and mobile telephone numbers and email address. It is easily arguable that the IP address is the customer's Personal Data.
2) The customer's partner, also an account customer (#2), places an order online from home. The retailer's firewall captures the IP address. The stored account details include customer #2's name, address, home and mobile telephone numbers and email address. Whose PD is the IP address now? Both of them or neither of them? It cannot be used as a unique identifier of either one of them, as it will point to both of them.
This is a classic case of the "excluded middle". Sometimes an IP address will be clearly one individual's PD, sometimes it will clearly not be. Then there's all the cases in the middle which "might be". But the only practical way to run your organisation is treat all IP addresses with the same respect and sort out the "who's PD" issue later on a case by case basis.
[snip - more examples]
These are everyday issues for online and large retailers. I know that they are less of an issue for utilities, and local and central government - where one is more commonly dealing with a *uniquely* identifiable individual assocated with a single address.
For the Internet industry it's an issue of "public" (in published logs, WHOIS databases and so on, where in many cases there might be some mileage in getting informed consent) IP addresses are, and whether they need to be treated under DPA law when requested by law enforcement etc.
I note, for example, that my previous posting included the following in one of the header lines (in a sense "logged by my email provider Gradwell and then published by the JISCMAIL system"):
Received: from 5751e95f.skybroadband.com<http://5751e95f.skybroadband.com> (HELO perry.co.uk<http://perry.co.uk>)
(87.81.233.95)
The latter of course being my static IP address which certainly identifies the household, if not myself. It also reveals who my connectivity ISP is, but knowing that doesn't really help identify me, but just might say something about my choice of supplier (which stretching the analogy a bit is for some almost a religious matter).
--
Roland Perry
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.jiscmail.ac.uk_lists_data-2Dprotection.html&d=AwIBAg&c=XHgqDMffAkUKcWDgZTAtfA&r=WA4vMljdqTypcda6BHAprb1VUCTP6WWutu0BST87unI&m=k2ZKfuqZ_-UXBWxiaFtbudvH2LlIgeCgG9MYGZ-a6ls&s=KGmy6oS0fcG9pDWIo4qlsmyUPFxjoTXJp23uleMGtxQ&e= If you wish to leave this list please send the command
leave data-protection to [log in to unmask]<mailto:[log in to unmask]>
All user commands can be found at https://urldefense.proofpoint.com/v2/url?u=http-3A__www.jiscmail.ac.uk_help_commandref.htm&d=AwIBAg&c=XHgqDMffAkUKcWDgZTAtfA&r=WA4vMljdqTypcda6BHAprb1VUCTP6WWutu0BST87unI&m=k2ZKfuqZ_-UXBWxiaFtbudvH2LlIgeCgG9MYGZ-a6ls&s=jdTJNjAXHSfvFlsHjeWlxYY6mbYHiy920UWCO2Wzl6A&e= Any queries about sending or receiving messages please send to the list owner
[log in to unmask]<mailto:[log in to unmask]>
Full help Desk - please email [log in to unmask]<mailto:[log in to unmask]> describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]<mailto:[log in to unmask]>
(all commands go to [log in to unmask]<mailto:[log in to unmask]> not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
**********************************************************************
This e-mail is from Dechert LLP, a law firm, and may contain information that is confidential or privileged. If you are not the intended recipient, please delete the e-mail and any attachments, and notify the sender. Dechert LLP is a limited liability partnership registered in England & Wales (Registered No. OC306029) and is authorised and regulated by the Solicitors Regulation Authority. A list of names of the members of Dechert LLP (who are solicitors or registered foreign lawyers) is available for inspection at its registered office, 160 Queen Victoria Street, London EC4V 4QQ.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|