It doesn't matter what you consider IP addresses to be, it matters what European regulatory authorities consider them to be.
And yes, many IP addresses can be linked to a specific person. I don't doubt that, by being logged in to Google, Facebook, and a bunch of other services, and by having an ISP that provides a unique IP address per subscriber, that the majority of sites out there that use 3rd party tracking know who I am just by my IP address at any given time.
To be clear, I am only talking about the interpretation of the regulation, not my own considerations.
The article made it sound like IP addresses are always personal data. My point is that, if I run a website and keep generic nginx log files, is it really personable data with regards to my website?
Yes, the ISP can link that IP address back to a person, but if that person came to me as the website administrator and asked for all data held for that person, I would actually not be able to make the connection.
Yes, it is. That you don't necessarily have the ability to make that connection doesn't matter, although if it turns out you have it of course makes matters worse. (This also isn't new under GDPR, current european law interpretation already supports this. See http://curia.europa.eu/juris/document/document.jsf?text=&doc... for the court decision firmly establishing this: Since the visitors provider has the data, and will share this data in some cases, it's possible to establish the link and the dat thus has to be protected accordingly)
Well actually this analysis by White & Case of the same case[1], seems to suggest that it may not be (paragraph “impact on businesses”) personal data if the business has no means of linking the addresses to users.
This is going to be a much bigger problem for Amazon than it is for you personally, so it'll be interesting to see what AWS logs even look like come May 25th. If you don't have consent and a compelling business reason to store this PII then they definitely don't.
To give you one idea of how things will change in a post-GDPR world, I can tell you a story about how things are going in my industry: Most PII is going to be removed from domain WHOIS information.
And yes, many IP addresses can be linked to a specific person. I don't doubt that, by being logged in to Google, Facebook, and a bunch of other services, and by having an ISP that provides a unique IP address per subscriber, that the majority of sites out there that use 3rd party tracking know who I am just by my IP address at any given time.