So we have a GDPR breach now as I posted some IP address here :).
They are PI if you also have other data that can tie it to an individual without sending a request to his internet provider. That company in the article is mostly tying IP to a country/region.
There is no technical way to get any info about an individual from the IP address alone. I also disagree with "which in many cases can be directly tied to an individual": most often it is not tied, and if it is, then only temporarily and only if and when the user logs into your system and you have other information about him that he gave out. With CG NAT and often dynamic IP allocation by providers.
In the end any "outrage" is not substantiated because, the way IP addresses are managed, you have a whois registry that is public and that will tell you which provider has this IP and the country/region as well. So they don't do anything that is not already possible.
> With CG NAT and often dynamic IP allocation by providers.
Which are both bad practices on the way out as IPv6 becomes the norm. (Static IP prefixes - to illustrate another PI aspect of this - also mean that ISPs don't have to keep IP logs, which for better or worse, laws require of them for potential future law enforcement purposes.)
And indeed, like other PI, their collection only becomes problematic when it's associated with other PI and/or is done on a massive enough scale (like this service is doing?) - also remember how government databases are forbidden from merging for this very reason.