We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:


Current browse context:


Change to browse by:


References & Citations

DBLP - CS Bibliography


(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: Why IP-based Subject Access Requests Are Denied?

Abstract: Understanding the legal status of IP addresses is complex. In Europe, the General Data Protection Regulation (GDPR) is supposed to have leveraged the legal status of IP addresses as personal data, but recent decisions from the European Court of Justice undermine this view. In the hope to clarify this situation, we have looked on how 109 websites deal with IP addresses. First, we analyzed the privacy policies of these websites to determine how they considered IP addresses. Most of them acknowledge in their privacy policy the fact that IP addresses are personal data. Second, we submitted subject access requests based on the IP addresses used to visit different websites. Our requests were often denied. Websites justify their answers with different explanations suchlike: you need to register, or IP addresses do not allow to identify you, to name a few. This situation is rather frustrating for any user wanting to exercise his/her rights: IP addresses are personal data on (legal) papers, but there are no means to exercise the rights thereto. One maybe tempted to say that IP addresses are not personal data. We make several proposals to improve this situation by modifying how IP addresses are allocated to a user.
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:2103.01019 [cs.CR]
  (or arXiv:2103.01019v2 [cs.CR] for this version)

Submission history

From: Supriya Adhatarao [view email]
[v1] Mon, 1 Mar 2021 14:13:32 GMT (338kb)
[v2] Thu, 27 May 2021 21:21:14 GMT (903kb)

Link back to: arXiv, form interface, contact.