The federal judge presiding over Viacom’s (VIA) $1 billion copyright infringement lawsuit against Google (GOOG) and YouTube denied a motion for the pair to produce their source code Wednesday. “YouTube and Google should not be made to place this vital asset in hazard merely to allay speculation,” U.S. District Judge Louis L. Stanton wrote.

Apparently he didn’t feel quite as strongly about the privacy of YouTube users because he felt entirely comfortable turning that over to the media company. And so he ordered Google to provide Viacom with YouTube’s Logging database, which contains:

…for each instance a video is watched, the unique “login ID” of the user who watched it, the time when the user started to watch the video, the internet protocol address other devices connected to the internet use to identify the user’s computer (“IP address”), and the identifier for the video. That database (which is stored on live computer hard drives) is the only existing record of how often each video has been viewed during various time periods.”

To Stanton such data isn’t a “vital asset,” although the authors of the Video Privacy Protection Act and anyone else with an interest in personal privacy would likely disagree. Said the Electronic Frontier Foundation, “The Court’s erroneous ruling is a setback to privacy rights, and will allow Viacom to see what you are watching on YouTube. We urge Google to take all steps necessary to challenge this order and protect the rights of its users.”

And Google will almost certainly do that. But it may have its work cut out for it, because in this case it’s fighting not just Viacom and the presiding court, but itself. You see, in granting Viacom’s request for YouTube’s Logging database, Stanton cited Google’s own argument that IP addresses aren’t always personal data. “Defendants argue that the data should not be disclosed because of the users’ privacy concerns, saying that ‘Plaintiffs would likely be able to determine the viewing and video uploading habits of YouTube’s users based on the user’s login ID and the user’s IP address,’ ” Stanton wrote. “But defendants cite no authority barring them from disclosing such information in civil discovery proceedings, and their privacy concerns are speculative. Defendants do not refute that the ‘login ID is an anonymous pseudonym that users create for themselves when they sign up with YouTube,’ which without more ‘cannot identify specific individuals,’ and Google has elsewhere stated:

We … are strong supporters of the idea that data protection laws should apply to any data that could identify you. The reality is though that in most cases, an IP address without additional information cannot.”

–Google Software Engineer Alma Whitten, Are IP addresses personal?, GOOGLE PUBLIC POLICY BLOG (Feb. 22, 2008)

Ironic, no?

That will no doubt come as a shock to Google (GOOG), Yahoo (YHOO) and Microsoft (MSFT), who all retain search data for a year or more. But it can’t be nearly as shocking as the Working Party’s recommendation that IP, or Internet Protocol, addresses be protected as personal information, a requirement that, were it to be implemented, could interfere with their ability to deliver relevant ads.

From the Working Party document:

A key conclusion of this opinion is that the Data Protection Directive generally applies to the processing of personal data by search engines, even when their headquarters are outside the EEA, and that the onus is on search engines in this position to clarify their role in the EEA and the scope of their responsibilities under the Directive.

“This Opinion concludes that personal data must only be processed for legitimate purposes. Search-engine providers must delete or irreversibly anonymize personal data once they no longer serve the specified and legitimate purpose they were collected for and be capable of justifying retention and the longevity of cookies deployed at all times. The consent of the user must be sought for all planned cross-relation of user data, user-profile enrichment exercises. Web site editor opt-outs must be respected by search engines and requests from users to update/refresh caches must be complied with immediately. The Working Party recalls the obligation of search engines to clearly inform the users upfront of all intended uses of their data and to respect their right to readily access, inspect or correct their personal data.”

… For Google, privacy did not begin and does not end with our acquisition of DoubleClick. And we believe that privacy for legislators, regulators, privacy groups and other stakeholders shouldn’t begin or end with Google. Privacy is a serious issue that spans several industries from financial services to entertainment to e-commerce, and that ought to be addressed holistically in the interest of individuals throughout Europe and the world. One particular company–and certainly one particular merger–should not be singled out.”

–Peter Fleischer, Google’s Global Privacy Counsel

The Federal Trade Commission’s decision to approve Google’s proposed $3.1 billion acquisition of online ad-serving vendor DoubleClick without condition hasn’t exactly elicited resounding calls of huzzah! from the European Union. On the contrary, European parliamentarians seem out to spoil the deal.

At a hearing before the European Parliament’s Civil Liberties Committee to discuss the legality of search companies’ privacy policies, talk quickly turned to the acquisition and its potential impact on citizens’ online privacy. Seems a few of the EU’s top privacy regulators feel that IP, or Internet Protocol, addresses should be protected as personal information when they can be used to identify an individual on a computer network. Google, which uses IP addresses to identify users’ geographical location, among other things, disagrees.

After first upbraiding the committee for attempting to shoehorn a privacy case into a competition law review, Peter Fleischer, Google’s Global Privacy Counsel, pointed out that IP addresses aren’t always personally identifiable. “There is no black or white answer: Sometimes an IP address can be considered as personal data and sometimes not,” he said. “It depends on the context and which personal information it reveals.” And this is true to some extent, but becoming less so as we move toward Internet Protocol version 6 (IPv6).

Of course, were IP addresses to be categorized as personal information, Google would have a more difficult time delivering relevant search results and, more importantly, ads. Which, as Dutch parliamentarian Sophie in ‘t Veld pointed out is the real reason Google is arguing so vehemently against treating IP addresses as sensitive personal data. “The reason you want to have the data is because it gives you a competitive advantage,” she said. “It is business. I don’t think they can be completely disconnected. And we should discuss that side of things too. … Having that much information is market power.”