* Eric Brunner-Williams:
However, Google/DoubleClick claim they have the right to collect PII data and disclose less than their complete data collection policy, and in particular, claim that endpoint identifiers do not tend to identify individuals. Further, they assert a property claim on such collected data.
If IP addresses don't identify anything, why do they collect and keep them? Anyway, mandatory data retention seems to change the consensus whose job it is to retain a certain level of perceived anonymity. Even if the retention policies do not actually change that much, it's usually assumed that the ISPs do no good job at protecting customer identity anymore. (You have to see this in a context where most of the consumer Internet connections change their assigned IP address at least once a day, which explains the old expectation to some degree.) Now that ISPs are out of the loop, the attention turns to folks at higher protocol levels. Some folks probably think that by complaining loadly enough, they might be hosting a Google Privacy Research Center soon, or something like that. *sigh*