The Register has a story on a fascinating legal analysis by Chris Pounder of Amberhawk Training (report here, pdf) as to how identifying yourself as being the individual associated with a particular IP address might be used to force companies such as Google and Yahoo to treat your data as being under the UK Data Protection Act. According to the report:
According to the report’s overview (but see CORRECTION, below)
In outline, an individual user can, at any time, send an Internet service provider his name, address, time the service was used, and any relevant URL, reference number or IP address associated with that user session. If this information is sent, then the service provider possesses all the identifying information needed to link any related service data or profiling data derived from a user session to that individual. That individual has become unambiguously identifiable and any further processing of the personal data related to the user session will engage the usual data protection obligations.
As more and more users of a service send a service provider these details, there will become a threshold of user contact after which a service provider should assume that personal data are processed on ALL users of a service without the need for user identifying information to be sent. This is because the rate of user contact is such that a service provider can anticipate that he is likely to be sent the identifying information about an individual user.
CORRECTION: The correct url for the report is http://www.amberhawk.com/. See Chris’s comment, below, that the first four pages were changed.