Every computer on the Internet, like every dwelling in a city, has an address. Your computer's address -- called the Internet Protocol address, or IP -- is presented during any online interaction. It may sometimes seem possible that nobody knows what you're doing online. Don't believe it. Your IP can almost identify your machine or, at least, your home network: Go to a Web site, send an e-mail, trade files on BitTorrent, chat on IM, whatever -- your IP is shuttling all over.
So there you are, traveling around online with that IP address. Now consider this: What if someone were to keep track of that address? What if a company -- say, a big one -- were noting the address down in its files? Would that bother you?
Well, that's what Google -- and other search engines -- are actually doing right now. And the practice has privacy regulators in Europe unhappy.
When you search for something in Google, the site logs your IP, your search query, and details regarding any Web cookies it might have stored on your computer. Google keeps the information in its files for 18 months. After that, it strips away some details of the IP address, making your data "anonymous," as Google calls it.
At a European Parliament hearing yesterday, Peter Scharr, the data protection commissioner of Germany, suggested that the Parliament begin regarding IP addresses as personal information, just like a phone or Social Security number. Google and other companies, then, would need to comply with far more stringent regulations in order to continue to track IPs.
Google disagrees with that view. Ars Technica quotes Peter Fleischer, Google's privacy counsel, telling the committee that an IP is not always personally identifiable: "There is no black or white answer: sometimes an IP address can be considered as personal data and sometimes not; it depends on the context, and which personal information it reveals."
Google logs IP information to improve some its services -- it analyzes server logs to create its spell checker, for example -- and to combat fraud and spam. The company notes that it needs to log IP addresses to combat "click fraud" -- in which a computer script repeatedly clicks on Google's ads, running up charges for its advertisers.
In the old days of dial-up, Internet service providers handed out different IP addresses to customers every time they logged on. Now, with cable and DSL, you're likely to keep the same IP address for a far longer period of time. This means that more often than not, an IP address is personally identifiable -- it can tie you to a specific place and time on the Internet.
But is it "personal information"? That would, as Google's Fleischer says, depend on what it reveals. Google can't use your IP address to get into your bank account. In that respect, the IP is not like your Social Security number.
But using your IP, Google could paint a very detailed picture of your habits, your dreams, your unmentionable desires: It can search through its logs for every search made from a given IP address during the last 18 months.
That sure seems like personal data to me.