Chapter 1: Introduction to Privacy

The Line Between Personal and Nonpersonal Information

Where personal ends and nonpersonal begins is unclear and varies by regime. The EU generally treats IP addresses as personal data; U.S. agencies under the Privacy Act do not, though the FTC has called them personal in health-breach contexts.

The difference between personal and nonpersonal information depends on what is identifiable, and the line is not always clear - regulators and courts in different jurisdictions may disagree.

How regimes treat IP addresses
Regime	IP address treatment
European Union	Generally considered personal data (identifiable)
U.S. federal agencies under the Privacy Act	Not considered covered by the statute
U.S. FTC (health-care breach context)	Considered personal information

Same data, different answer

Whether an IP address is 'personal' depends on the regulatory regime. Changes in technology (static vs. dynamic IPs, IPv6) can also shift the line toward identifiability.

Key terms - quick answers

What is “IP address”?

Numbers identifying the location of computers in internet communications; treated as personal data in the EU but generally not under the U.S. Privacy Act.

What is “Privacy Act”?

U.S. statute under which federal agencies generally do not consider IP addresses to be covered.

← Nonpersonal, Deidentified, and Pseudonymized Information Sources of Personal Information →