|
|
|
|
|
|
by rndgermandude
1596 days ago
|
|
|
It is enough to identify whoever is paying for the internet access, which is enough, in itself. And it might be enough to identify the actual user with "reasonable" certainty, e.g. if the user was home alone at the time the IP was used. Courts found that it doesn't have to be demonstrated that a user can be identified, the abstract reasonable risk that a user could be identified is enough to turn an IP address into PII (and this ruling explicitly mentions this). |
|
|