Hmm, GDPR thought experiment: I make a database of public IPv4s by running a couple for-loops and subtracting private spaces. Can an EU guy who owns an IPv4 request to have it removed?
Regarding GDPR, I think IPs are considered “personal data” if you can identify the user from it.
Well, my understanding is any data is ‘personal data’ if you can use it to identify a user, can be combined to identify a user or can be aggregated to an identified user.
For example, list of addresses themselves are not personal data. Everybody has access to addresses, you can get them at the post office for example when you try to look up code for the address.
But a list of addresses of creditors (ie. address + some non-identifying context information) is personal data.
I do not know GDPR well but given just that example I would say there is some more nuance.
Well, my understanding is any data is ‘personal data’ if you can use it to identify a user, can be combined to identify a user or can be aggregated to an identified user.