Here is a question about the use of IP Addresses used by Companies, Websites, Social Media and others admittedly, to avoid the GDPR and blocking access to EU Citizens. Is this a GDPR violation of using Personal Data (IP Addresses) without the EU Citizens Consent?
GDPR Personal Data
The term ‘personal data’ is the entryway to application of the Data Protection Basic Regulation and is defined in Art. 4 para. 1 no. 1. Personal data are all information which is related to an identified or identifiable natural person.
Also, written answers from a test-taker and any remarks from the test about these answers are “personal data” if the test-taker can be theoretically identified. The same also applies to IP addresses. If the processor has the legal option to oblige the provider to publish additional information which can identify the user who is behind the IP address, this is also personal data. In addition, one must note that personal data need not be objective.
Recital 30 Online identifiers for profiling and identification*
1 Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. 2 This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.