In a blog post published on the Federal Trade Commission (FTC) website, Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, recently stated that:
“we regard data as ‘personally identifiable,’ and thus warranting privacy protections, when it can be reasonably linked to a particular person, computer, or device. In many cases, persistent identifiers such as device identifiers, MAC addresses, static IP addresses, or cookies meet this test.”
The post (which reiterates Ms. Rich’s remarks at the Network Advertising Initiative’s April meeting) suggests a shift in the FTC’s treatment of IP addresses and other numbers that identify a browser or device. The FTC previously has taken the position that browser and device identifiers are deserving of privacy protections, but the FTC generally has avoided classifying these identifiers as equivalent to personally identifiable information (such as name, email, and address) except in the narrow context of children’s privacy. (The FTC’s rule implementing the Children’s Online Privacy Protection Act defines “personal information” to include a “persistent identifier that can be used to recognize a user over time and across different Web sites or online services.”)
Continue Reading FTC’s Jessica Rich Argues IP Addresses and Other Persistent Identifiers Are “Personally Identifiable”