Hi Ricky
For those sorts of question, I'm reassured by the Article 29 Working Party's Opinion on Legitimate Interests.
http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp217_en.pdf
Summarising/over-simplifying that down to three lines:
If the information is personal data...
* Is your interest in processing it (presumably, to inform the organisation where its information is being read) legitimate?
* Is the processing necessary to achieve that interest (i.e. is there a less intrusive way to achieve that)?
* Is your interest overridden by the risk of harm to the rights and interests of the individuals whose IP addresses you process?
As far as I can see, by encouraging you to reduce the risk of harm to as near zero as you can make it, the Art29 approach actually makes the question of whether a particular low-risk identifier is, or isn't, personal data less important. Given the difficulty of actually answering that question (which was posed to the ECJ last autumn, but they don't seem to have started publicly thinking about it yet), that feels like a good thing :-) It also makes it a bit easier to comply with the Art29's earlier guidance on IP addresses that "unless you know it isn't personal data, treat it as if it is".
As a data subject who regularly uses the Internet I'd much rather have a website process my records under that sort of risk-minimisation regime rather than have sites assert that by visiting the website I've consented to whatever subsequent processing they choose to mention in the "privacy notice" (which, of course, I can't see without leaving a trace in the logs...). And as someone who may leave personal data on your websites, I'd much rather you kept logs for incident response use than deleted them!
Cheers
Andrew
--
*** From 10th November 2014 my e-mail address is [log in to unmask] Please save that to your contacts list so we can keep in touch ***
Andrew Cormack
Chief Regulatory Adviser
T 01235 822302
Skype ancormack
Twitter @Janet_LegReg
Blog https://community.ja.net/blogs/regulatory-developments
Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG
jisc.ac.uk
> -----Original Message-----
> From: This list is for those interested in Data Protection issues [mailto:data-
> [log in to unmask]] On Behalf Of Richard Rankin
> Sent: 15 April 2015 08:35
> To: [log in to unmask]
> Subject: IP addresses
>
> I was at an event in Manchester yesterday and someone said that an IP
> address was now subject to data protection and should be anonymised
>
> Not exactly sure what this means - we would analyse download files to
> determine the Country and institutions that have been downloading our
> published papers
>
> Is this allowed?
>
> Ricky
>
> Tel: o289o973955
> Information Services
> 71 University Road
> Queen's University Belfast
> Belfast BT7 1NF
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> ^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list
> owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|