As far as I'm aware, since IP addresses _can_ uniquely identify a person (think of static IPs offered by some ISPs), it is considered personal data by authorities.
GDPR leaves a huge grey area that is up to interpretation, which in practice boils down to companies trying to avoid even said grey area and keeping a very strict GDPR policy. Been there, done that (doing that, in fact). Painful as it is, that's the law. Agoston On Sun, Jan 10, 2021 at 7:36 AM Michael Kafka via db-wg <db-wg@ripe.net> wrote: > On 2021-01-08 18:15, Randy Bush via db-wg wrote: > >> If the geofeed doesn't contain the above mentioned means to directly > >> or indirectly identify a natural person then GDPR don't apply, > >> especially if the geofeed refers only to a country or province. > > > > note that the geofeed spec, RFC8805, is separate from the rpsl-based > > means to find the geofeed files, draft-ietf-opsawg-finding-geofeeds. > > that wouldn't make a difference here. if the RIPE database points > immediately to personal information GDPR applies. > > > i was not involved in the geofeed spec, but it was done by friends of > > the family who gossip :) > > > > i was told that the reason there is no postal code in the geofeed file > > spec is because, in some cases, it resolves with sufficient precision to > > identify individuals. > > > > randy > > > the precision of postal codes (e.g. in great britain) is a good point! > > MiKa > >
