[dspillett]

Has it not been successfully argued that an IP address is not sufficiently identifying (in various court cases wrt piracy)? If so then the source host's name, either given directly in the protocol or returned from an rDNS query, shouldn't be either.

[warpspin]

> Has it not been successfully argued that an IP address is not sufficiently identifying (in various court cases wrt piracy)? If so then the source host's name, either given directly in the protocol or returned from an rDNS query, shouldn't be either.

No. For purposes of the GDPR, IP addresses are considered personally identifying information.

https://curia.europa.eu/juris/document/document.jsf?text=&do...

A bit of a background: It had long been accepted in EU law, that a statically assigned ip address is PII. For years, it has been contested if dynamically assigned ip addresses also fall under this, as the owner of a website has no means to actually trace that ip address back to a natural person. Here the highest EU court basically decided, that as long as even a third party (the internet provider assigning the dynamic ip address) is able to identify the person using an ip address at a certain time, also dynamically assigned ip addresses have to be considered PII, and therefore all ip addresses.

[mypetocean]

Another thing to consider is that in many PII laws, data which can be combined with other data to reconstruct a complete instance of PII will itself count as PII.

So if a full hostname or IP counts as PII, then a _partial_ hostname or IP also counts.

[aasasd]

This logic seems to suggest that ‘a’ is my PII, because you can get ‘aasasd’ from it if you throw the dice enough times.