It's unclear to me based on your post, but you do realize that public IPs very much count as personally identifiable information under the GDPR, right?
Is this really the case?
It's very uncommon for an IP to resolve to an actual user these days due to widespread use of Carrier-Grade Networks Address Translation (CGNAT).
Assuming you had the public IP of an actual user though, how would you link it to a person without asking the ISP?
According to case law it is personal information; Because in realistic scenario's you can use it in combination with some other data, such as from the browser headers, to identity someone with a high degree of accuracy.
Ofcourse this evolves as the landscape changes. And it isn't always the case. But the comment is accurate.
Avfrosta|1 year ago
jeffhuys|1 year ago
dcanelhas|1 year ago
Assuming you had the public IP of an actual user though, how would you link it to a person without asking the ISP?
BartjeD|1 year ago
Ofcourse this evolves as the landscape changes. And it isn't always the case. But the comment is accurate.
solardev|1 year ago