IP address tracking is a popular addition to many digital marketing mixes, helping improve audience understanding and boost lead generation. However, there has been a question surrounding IP addresses and how different governing bodies regard their status within data protection regulations. IP addresses come in many forms, and experts have had difficulties calculating where they best sit within data categories. Data regulations always strive to protect us as individuals, and ensure our data is treated with care and respect, but how does this work for our IP addresses? And what does this mean for businesses using IP tracking?
What is an IP address?
An Internet Protocol (IP) address is a unique identifier assigned to an electronic device, enabling it to connect with the internet and other networks. This assigned IP address allows users to identify and communicate with websites, applications and other devices.
All IP addresses are assigned by your internet service provider (ISP), who procure the addresses from IANA (the internet assigned numbers authority), where all IP addresses are managed and distributed globally. The growing number of electronic devices in circulation has promoted the development of a new IP address format, shifting from a 32-bit number in 4 parts to a 128-bit hexadecimal code in 8 parts. This advancement allows IANA to ensure enough IP addresses can be distributed to support the global demand for increased electronic connectivity and digital dependence.
IP addresses are not new, they have been a vital part of our online world for a few decades now. They enable us to pass data easily between devices and platforms, without the need to download information manually onto a CD or other external storage for transfer.
Using IP address tracking allows businesses to gain some exciting insights, including the locations of their website visitors, contributing to advanced web analytics. This helps businesses gain a deeper understanding of their online audience, tailor campaigns to better suit their prospects and improve lead generation efforts. They contribute so highly to our digital world, without IP addresses, we would be in serious trouble!
Why the legal questions around IP address tracking?
IP addresses remain a questionable topic under data protection regulations, as it’s difficult to find exactly how they fit into laws around classifying and processing data. Here are some of the problems with IP addresses and their place in our data world:
The personal data debate relating to IP address tracking
Each data regulation has a different definition of personal data, but they all follow a similar line. The ICO explains personal data under the GDPR as follows:
Personal data only includes information relating to natural persons who:
- can be identified or who are identifiable, directly from the information in question; or
- who can be indirectly identified from that information in combination with other information.
Though not all countries work under the GDPR, this definition is broad in that many countries see personal data as information pertaining directly to the individual in question, allowing them to be identified. This includes your name, and often detail such as email address, health information and residence. Any data considered personal, must only be gathered, stored, processed and used in accordance with the necessary legal regulations.
IP addresses fall on a fuzzy line; they are individual to your device, so can be tracked back to you. However, an IP address needs to be public in order to work, and without the personal data held by your ISP matching your name with the IP address, there are very few who can discover your details from nothing but an IP. This being said, ISPs must count IP addresses as personal data, as they hold the ability to match the address to your personal details. In fact, any company capable of extracting identifying data from your IP address must count it as personal data… You see how it gets complicated?!
The disagreement over how IP addresses fell under data regulations continued for some time, and the new release of the GDPR classified them as “online identifiers” under personal data, see the following from the ICO:
‘Online identifiers’ includes IP addresses and cookie identifiers which may be personal data.
Though this uses the term “may be”, we recommend it is always safest to assume IP addresses fall under the category of personal data when they pertain to an individual. Therefore, to track, gather and use them, you will need to ensure you’re working under the correct legal requirements for personal data processing e.g. lawful basis of processing (GDPR).
Static vs dynamic IP addresses
Another difficulty surrounding the discussion of IP addresses and IP address tracking under data regulations stems from the 2 different types of IP address – static and dynamic. Static IP addresses are constant, meaning whenever the device in question connects to the internet, it will always use the same IP address. This makes for a secure and speedy connection but is easier to track. These IP addresses are usually only available on request from an ISP, almost exclusively used by businesses.
A device using a dynamic IP, will change its IP address whenever it connects to the internet. These sorts of IP are commonly used on mobile phones, tablets and laptops, due to their portable nature. These IPs can still be tracked, but it’s very difficult to gain any information from them apart from rough location. Some organizations track these IPs for extra security; banks for example can see a string of dynamic IP addresses from London all accessing the same account, but when there is a login from an IP traced back to the USA or Australia, it could be cause for suspicion.
A large debate was struck surrounding the place of dynamic IP addresses within the bounds of “personal data”– as they are ever-changing and almost impossible to gain data from – do they still count as personal data? The answer to this question has never been fully finalized; but as the ISP could in theory still match a dynamic IP address to the person using it by profiling, it is safest to consider dynamic IP addresses as “personal data”.
In IP address tracking terms, static IP addresses associated with a business are however different. These are classified as business data and therefore, don’t fall under the same requirements as if they were personal data.
What does all this mean for B2B organizations who want to conduct IP address tracking?
We’ll start by easing your mind – for B2B purposes, IP address tracking is legal! The majority of data regulations are not inclusive of business data, such as business name, business address and contact number – this is all considered business information. Business IP addresses fall under this umbrella, meaning they can be tracked and used by B2B organizations, since no personal data is being processed, and no personal profiling can be conducted using the business IP data.
Due to the regulations and questions surrounding IP addresses, the best software in the market will only ever present you with data that is classified as ‘business data’. Lead Forensics for example presents customers with the matched business information but not the actual visiting IP address, acting as an extra precautionary measure to increase IP tracking safety and compliance.
Any dynamic IPs that visit your website are discarded at source, so that you never have visibility of those visits, to further ensure a compliant use of IP address tracking technology.
Beware of any IP address tracking technology vendors that present dynamic IP addresses, or visits by Internet Service Providers (ISP) to you. Any visit by an ISP to your website is likely to be a dynamic IP address, and therefore you run the risk of being served personal IP data, and being in breech of data compliance regulations.
There are a number of low priced IP address tracking software vendors on the market who simply don’t have the technology powering their solutions to ensure that you are consistently served with compliant IP address tracking data. Proceed with caution with these vendors, as if you see an ISP visit on your visitor list, the likelihood is that it would be classified as personal data and therefore you could be in breech of data compliance regulations by having access to that information.
The best way to ensure total data compliance when searching for an IP address tracking solution is to go to the experts (did we mention that Lead Forensics is number one in the market, with 60,000 customers globally?), and use a reputable software with all necessary documentation in place.
We’re here to help…
Lead Forensics is an advanced lead generation solution using IP address tracking to identify the businesses visiting your website. Placing a small piece of code on your website, Lead Forensics monitors the static IP addresses visiting your site, and runs them through a database of business contacts to find a match. Your team can see the name and address of visiting businesses, including the contact details and visit information needed to create an impactful, instant follow up.
We work hard to ensure that our technology is fully compliant with the latest data compliance regulations, we have advisors from advisory bodies around the world who keep us abreast of the latest developments in data compliance, ensuring our technology continually keeps pace with developments in data regulations, so that you can be sure of a compliant solution both now and in the future.
Thousands of B2B organizations worldwide use Lead Forensics to fuel their sales pipeline with high-quality leads, gaining ROI in excess of 8,000%.
Thank you for reading our latest best practice guide on our Marketing Blog – IP address tracking: is it legal in business? We publish fresh content every week, please subscribe for alerts, or come back again for more.
In the meantime, you may be interested to read Digital 101: What is an IP address and what does it mean?
And, if you are interested in knowing who is visiting your website, you can request a demonstration of Lead Forensics here.