Take-Aways (AI)
- Forward-looking planning for IPv6 introduction: check privacy extensions and inform affected users.
- Inform users clearly about the data protection risks of IPv6.
- Identification must not take place automatically via IP address; login or explicit cookie permission required.
- Activate privacy-friendly settings by default; activate privacy extensions in operating systems ex works.
The FDPIC has – already on June 7, 2016, but on the status of May 2016 -. on the subject of data protection and IPv6. It recommends the following measures:
- To avoid data protection problems when introducing IPv6, it is important to plan ahead (check whether the privacy extensions are set in the operating system, inform affected users). This applies to Internet use by private individuals as well as by companies and public administrations.
- Users must always be informed in a comprehensible manner about possible data protection risks in connection with IPv6.
- The identification of the user must not be done automatically through the IP address, but through a login or explicit permission of cookies
- Measures to eliminate data protection risks must be able to be taken in a simple manner. Wherever possible, the privacy-friendly setting is to be selected as the default (privacy by default)
- Privacy Extentions are to be implemented in all common operating systems and activated ex works.
By “privacy extensions”, the FDPIC means a procedure for anonymizing IP addresses.