Hacker News new | ask | show | jobs
by throwhauser 1595 days ago
> The IP Address is NOT the only thing that makes this data into personal data.

Can you cite a reference for that? I fully believe that Google is using cookies for this, but that doesn't mean that the legal authority here isn't making the judgment on IP address alone. I believe a recent GDPR decision against Google Fonts was based on IP address alone. [0]

[0] https://news.ycombinator.com/item?id=30135264
2 comments
sqrt2 1595 days ago
The Google Fonts case was decided based on the transmission of the full IP address in a jurisdiction (Germany) where there are ways to identify a user by means of that address. CNIL's press release follows a decision by the Austrian data protection authority where the Google Analytics cookies were at issue.

If you can read German, you can look at the Austrian decision directly, the complainant has uploaded it at [1] and the relevant section is D.2 b) starting at page 27.

[1] https://noyb.eu/sites/default/files/2022-01/E-DSB%20-%20Goog...

link
lmkg 1595 days ago
The linked article. Relevant quote:

> In this context, a unique identifier is assigned to each visitor. This identifier (which constitutes personal data) and the associated data are transferred by Google to the United States.

This is an accurate description of GA's pseudonymous identifier. It is not accurate as a description of an IP address. And if CNIL meant the IP Address, they would have said so, as they did in other rulings.

link