GDPR scare: are cookies and IP address personal data?

In the context of the confusion that has arisen in the run-up to GDPR, there have been suggestions that the information contained in cookies and IP address is personal data.

But these assumptions and fears turned out to be completely unfounded, so you can rest easy - because personal data is not always personal data.

Information hidden behind an IP address

From the IP address itself, you have absolutely no way of knowing who the user of the device that connects to the network via that address is without further information. This is true not only for dynamic IP addresses, which are assigned by mobile operators to individual devices, for example, but also for fixed IP addresses.

A different situation arises if we look at this from the perspective of the ISP. The ISP has, or has had in the past, a record of which IP address it has assigned to which person. However, even the ISP itself may not have this additional information.

What cookies tell you

A cookieonly carries information about a user's IP address and the websites that the user has visited. If the marketing agency that uses this data does not have any further information about the user and therefore cannot be expected to seek any further information that could lead to the identification of the user, again there should be no processing of personal data of these users.

It is necessary to take into account the situation where an Internet operator, for the purpose of targeting advertising, links the information contained in cookies to specific user accounts of natural persons that it has on file. In this case, it is the processing of personal data with all the obligations and consequences that this entails.

If you are in doubt or just unsure whether the user data you are working with is subject to data protection or not, please contact us. We have real specialists on our team who can give you expert advice and save you money on any potential fines.