IP address tracking is a popular addition to many digital marketing mixes, helping improve audience understanding and boost lead generation. However, there has been a question surrounding IP addresses and how different governing bodies regard their status within data protection regulations. IP addresses come in many forms, and experts have had difficulties calculating where they best sit within data categories. Data regulations always strive to protect us as individuals, and ensure our data is treated with care and respect, but how does this work for our IP addresses? And what does this mean for businesses using IP tracking?
What is an IP address?
An Internet Protocol (IP) address is a unique identifier assigned to an electronic device, enabling it to connect with the internet and other networks. This assigned IP address allows users to identify and communicate with websites, applications and other devices.
All IP addresses are assigned by your internet service provider (ISP), who procure the addresses from IANA (the internet assigned numbers authority), where all IP addresses are managed and distributed globally. The growing number of electronic devices in circulation has promoted the development of a new IP address format, shifting from a 32-bit number in 4 parts to a 128-bit hexadecimal code in 8 parts. This advancement allows IANA to ensure enough IP addresses can be distributed to support the global demand for increased electronic connectivity and digital dependence.
IP addresses are not new, they have been a vital part of our online world for a few decades now. They enable us to pass data easily between devices and platforms, without the need to download information manually onto a CD or other external storage for transfer.
Using an IP address tracker allows businesses to gain some exciting insights, including the locations of their website visitors, contributing to advanced web analytics. This helps businesses gain a deeper understanding of their online audience, tailor campaigns to better suit their prospects and improve lead generation efforts. They contribute so highly to our digital world, without IP addresses, we would be in serious trouble!
Why the legal questions?
IP addresses remain a questionable topic under data protection regulations, as it’s difficult to find exactly how they fit into laws around classifying and processing data. Here are some of the problems with IP addresses and their place in our data world:
The personal data debate
Each data regulation has a different definition of personal data, but they all follow a similar line. The ICO explains personal data under the GDPR as follows:
Personal data only includes information relating to natural persons who:
- can be identified or who are identifiable, directly from the information in question; or
- who can be indirectly identified from that information in combination with other information.
Though not all countries work under the GDPR, this definition is broad in that many countries see personal data as information pertaining directly to the individual in question, allowing them to be identified. This includes your name, and often detail such as email address, health information and residence. Any data considered personal, must only be gathered, stored, processed and used in accordance with the necessary legal regulations.
IP addresses fall on a fuzzy line; they are individual to your device, so can be tracked back to you. However, an IP address needs to be public in order to work, and without the personal data held by your ISP matching your name with the IP address, there are very few who can discover your details from nothing but an IP. This being said, ISPs must count IP addresses as personal data, as they hold the ability to match the address to your personal details. In fact, any company capable of extracting identifying data from your IP address must count it as personal data… You see how it gets complicated?!
The disagreement over how IP addresses fell under data regulations continued for some time, and the new release of the GDPR classified them as “online identifiers” under personal data, see the following from the ICO:
‘Online identifiers’ includes IP addresses and cookie identifiers which may be personal data.
Though this uses the term “may be”, we recommend it is always safest to assume IP addresses fall under the category of personal data when they pertain to an individual. Therefore, to track, gather and use them, you will need to ensure you’re working under the correct legal requirements for personal data processing e.g. lawful basis of processing (GDPR).
Static vs dynamic
Another difficulty surrounding the discussion of IP addresses under data regulations stems from the 2 different types of IP address – static and dynamic. Static IP addresses are constant, meaning whenever the device in question connects to the internet, it will always use the same IP address. This makes for a secure and speedy connection but is easier to track. These IP addresses are usually only available on request from an ISP, almost exclusively used by businesses and some large home networks.
A device using a dynamic IP, will change its IP address whenever it connects to the internet. These sorts of IP are commonly used on mobile phones, tablets and laptops, due to their portable nature. These IPs can still be tracked, but it’s very difficult to gain any information from them apart from rough location. Some organizations track these IPs for extra security; banks for example can see a string of dynamic IP addresses from London all accessing the same account, but when there is a login from an IP traced back to the USA or Australia, it could be cause for suspicion.
A large debate was struck surrounding the place of dynamic IP addresses within the bounds of “personal data”– as they are ever-changing and almost impossible to gain data from – do they still count as personal data? The answer to this question has never been fully finalised; but as the ISP can still match a dynamic IP address to the person using it in their records, and data regulations don’t separate static and dynamic IPs in their stance, it’s again safest to assume IP addresses are classed as “personal data”- irrelevant of their static or dynamic status.
What does all this mean for B2B organizations who want to track IP address locations?
We’ll start by easing your mind – for B2B purposes, IP address tracking is legal! Many data regulations are not inclusive of business data, such as business name, business address and contact number – this is all considered public. Business IP addresses fall under this umbrella, meaning they can be tracked and used by B2B organizations.
Due to the regulations and questions surrounding IP addresses, tools that track them for business benefit do not reveal the visiting IP addresses to the user, acting as an extra precautionary measure to increase IP tracking safety and compliance. Instead, these tools extract the necessary data then discard the IP address, ensuring IP tracking is never used maliciously. The tools are only able to extract valuable data from static IP’s used by businesses – any visiting IPs not pertaining to businesses (and therefore not providing any B2B data) are instantly deleted. This ensures B2B organizations can legally continue to gain advanced website analytics, improve campaign success and lead generation, thanks to IP address tracking.
The best way to ensure total data compliance when searching for an IP tracking solution, is to go to the experts, and use a reputable software with all necessary documentation in place. That’s where we come in…
Lead Forensics is an advanced lead generation solution using IP tracking to identify the businesses visiting your website. Placing a small piece of code on your website, Lead Forensics monitors the IP’s visiting your site, and runs them through a database of business contacts to find a match. Your team can see the name and address of visiting businesses, including the contact details and visit information needed to create an impactful, instant follow up. We are proud to produce a fully compliant solution, working with you to ensure all data regulations are consistently met with ease.
10,000 B2B organizations worldwide use Lead Forensics to fuel their sales pipeline with high-quality leads, gaining ROI in excess of 8,000%. Find out more – book your free demo today!