An IP address in isolation is not personal data under the Data Protection Act, according to the Information Commissioner. But an IP address can become personal data when combined with other information or when used to build a profile of an individual, even if that individual's name is unknown.
In the hands of an ISP an IP address becomes personal data when combined with other information that is held – which will include a customer's name and address. In the hands of a website operator, it can become personal data through user profiling.
Most sites do not profile their users using IP addresses. They typically use IP addresses for demographic purposes such as counting visitors, their countries of origin and their choice of ISP. Their organisation might also be identifiable.
Sites typically gather statistical data about the path that users take through a website and the page from which they left the site. Banking websites might also use IP addresses as a security measure – for example, if a customer regularly accesses his account from an IP address in London, access to that customer's account from an IP address in Moscow might indicate fraud.
The most common privacy concern surrounding IP addresses is their use in marketing. A visitor's path through a website could be followed and any adverts that are clicked can be identified. On the next visit, that user could be shown ads that are similar to those he clicked on the previous visit. But this fails when the user has a dynamic IP address: the user will be unknown.
Another alternative would be:
Accordingly, most websites prefer to use cookies to track users for personalised marketing purposes in preference to IP addresses. A cookie is a small text file that is sent from a website to a visitor's computer. The cookie file can be used to identify an individual and a website operator can build a detailed profile of that person's activity at its site. Users can set their web browsers to refuse cookies but most users accept them, often unwittingly.
I may be wrong, but since IP is not personal data and since you are just using it for demographic purposes, you don't have to notify the users about it. The process is pretty much legal, and almost all websites are using this for tracking purposes.
For more information
Others