If you're conducting online surveys, chances are your survey platform is collecting IP addresses, often without you having to think about it. For market researchers, social researchers, and program evaluators, this raises an important question: how do we handle IP address data in a way that's both ethically sound and practically workable?
The good news is that with clear protocols and transparent communication, IP address collection can be managed appropriately. Let's walk through what you need to know.
Understanding the Context
The 2025 National Statement on Ethical Conduct in Human Research and the Privacy (Market and Social Research) Code 2021 both require us to think carefully about what data we collect and why. IP addresses occupy an interesting space in this landscape. They're automatically captured by most survey platforms, they're genuinely useful for quality control purposes, but they may also be considered personal information under the Privacy Act 1988 (Cth).
The key to managing this well is understanding why you're collecting IP addresses in the first place, and ensuring you have clear processes for handling and deleting them appropriately.
What the National Statement Tells Us
The 2025 National Statement takes a nuanced approach to identifiability. In Chapter 3.1, Element 4, it acknowledges that identifiability exists on a continuum. Information isn't simply "identifiable" or "not identifiable." The context matters significantly.
A few provisions are particularly relevant here:
Paragraph 3.1.39 recognises that removing personal identifiers isn't always ethically required:
"Some research projects may legitimately require the retention of personal identifiers; for example, to link information or data from a number of different sources or to return results to participants."
Quality control is a legitimate purpose for temporary retention of identifiers. Activities like detecting duplicate responses, identifying potential bot traffic, and ensuring data integrity all require some form of response tracking, and IP addresses provide a straightforward tool for this purpose, especially when used alongside other metadata and indicators.
Paragraph 3.1.40 guides us to:
"...adopt methods to reduce the risk of identification during collection, analysis and storage of data and information..."
including approaches like:
"...separation and separate storage of identifiers and content information."
This gives us a clear pathway:
- Collect IP addresses when needed for quality purposes;
- Use them for those specific checks; then
- Delete them before your substantive analysis begins.
Paragraph 2.2.6(f) reminds us that consent processes should explain "how privacy and confidentiality will be protected." If you're collecting IP addresses, participants should understand what you're doing with them and when they'll be deleted.
Privacy Law Considerations
Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), an IP address is considered personal information if it can reasonably identify an individual. Whether it actually can do this in practice depends on several contextual and technical factors:
- Dynamic IP allocation: Most internet service providers rotate IP addresses regularly. The IP address assigned to a participant today may belong to someone else next week.
- Shared addresses: Mobile networks and public WiFi often use network address translation (NAT), meaning multiple users share the same public IP address.
- Virtual Private Networks (VPNs) and privacy tools: Many participants use services that mask their actual IP address.
- Geolocation limitations: IP-based location tracking typically resolves to the ISP's infrastructure location, not the user's actual physical location.
In practical terms, tracing an IP address back to a specific individual would require ISP cooperation (which typically requires a warrant) and precise timestamp correlation. It's theoretically possible but highly impractical in most research contexts.
That said, "impractical to identify" doesn't automatically mean "not personal information." The Office of the Australian Information Commissioner has been clear that if information could reasonably identify someone, we should treat it as personal information. This is the prudent approach, and is consistent with the Australian Privacy Principles.
Is automatic IP collection reasonably necessary for online research?
Our position is that there is a strong case that automatic collection of IP addresses is reasonably necessary on two grounds:
Meeting Quality Control Standards
Many market and social research organisations work under ISO 20252:2019 standards, which require implementing "appropriate quality control procedures." While the standard doesn't prescribe specific methods, detecting duplicate responses and fraudulent entries is fundamental to maintaining data quality and research integrity.
IP addresses, when reviewed alongside other metadata (like response patterns, timestamps, and broad location indicators), provide a practical tool for identifying:
- Multiple submissions from the same source
- Bot traffic and automated responses
- Survey farming operations
- Patterns that suggest coordinated fraudulent activity
Achieving quality control without IP addresses is potentially possible, through alternative methods like device fingerprinting. However, these alternatives often raise their own privacy considerations and aren't available across all survey platforms. For the example of device fingerprinting, there is a prima facie argument that this would be more identifiable, and many device fingerprinting algorithms utilise IP address as part of their design.
Acknowledging Platform Realities
Many widely-used survey platforms, including Qualtrics, SurveyMonkey, and LimeSurvey, collect IP addresses as part of their default operation. In some cases, this collection can't be disabled without affecting core platform functionality.
Rather than viewing IP collection as an insurmountable barrier to ethical online research, the practical approach is ensuring these data are used appropriately and deleted at the earliest reasonable opportunity.
A Practical Framework for Managing IP Addresses
Here's a straightforward approach that balances quality control needs with privacy protection:
1. Accept that your survey platform will collect IP addresses
Most online survey tools collect IP addresses automatically. Rather than fighting against your software, work with this reality and focus on appropriate use and timely deletion.
2. Use IP data only for quality control purposes
Review IP addresses to check for duplicates, identify suspicious patterns, and flag potential quality issues. Where possible, keep IP addresses separated from response content in your data storage.
3. Delete IP data as soon as quality checks are complete
Once you've completed your quality control review (typically after data export from the platform but before beginning substantive analysis) permanently delete all IP address information. In practical terms, this usually means removing IP address columns from your dataset before importing data into your analysis software.
4. Document your process clearly
Include details in your data management plan about when IP addresses are collected, why they're being collected, and when they'll be deleted. Ethics committees and institutional reviewers appreciate seeing this documented.
5. Communicate transparently with participants
Include a clear statement in your participant information materials about IP collection and deletion. We recommend language like this:
"Your IP address is automatically collected by our survey platform for quality control purposes only, to prevent duplicate responses and ensure data integrity. This information is deleted immediately after quality checks are completed and will not be included in any analysis or reporting."
This statement covers the key points of collection, purpose, deletion timing, and non-inclusion in analysis, in plain, accessible language.
When Might Longer Retention Be Justified?
There are limited circumstances where retaining IP addresses beyond immediate quality checks might be defensible:
- Fraud investigation: If you detect systematic fraud during data collection, you may need to retain IP data temporarily to document the issue properly for your institution or research funder.
- Longitudinal studies: You might think IP addresses could help with tracking participants across multiple survey waves. However, given how frequently IP addresses change (particularly on mobile networks), they're actually quite unreliable for this purpose. Proper participant identification systems are a much better approach for longitudinal research.
- Geolocation research: If your research question specifically requires location data at a high resolution (i.e. GPS-type coordinate data rather than a state or postcode), that's a different consideration and warrants separate ethical consideration (we'll be covering this topic in a future resource).
The default position should always be deletion after quality checks. If you're considering longer retention, you'll need to provide clear justification as part of your submission to our ethics committee.
What to Include in Ethics Applications
When you're preparing ethics applications that involve online surveys, it's helpful to address IP collection explicitly:
- Acknowledge that your survey platform collects IP addresses as part of its standard operation.
- Explain that you'll use IP addresses only for quality control purposes, consistent with ISO 20252 requirements where applicable.
- Specify when you'll delete these data (typically "immediately after quality checks are complete, before substantive data analysis begins").
- Include a participant notification statement in your information materials.
- Note in submissions that IP addresses are, in practice, difficult to link to specific individuals given dynamic allocation and shared network infrastructure.
Our ethics committee is comfortable with this approach, particularly when you're clear about the temporary nature of collection and the quality control rationale.
Summary
IP address collection in online research is a bit like recording call metadata in phone interviews. It happens as part of the technical process of data collection, serves a legitimate quality assurance purpose, but isn't part of your actual research/evaluation data.
The National Statement's recognition that identifiability exists on a continuum gives us room to take a proportionate, practical approach. IP addresses are theoretically identifiable but practically quite difficult to link to specific individuals in most research contexts. Collecting them briefly for quality control purposes, then deleting them promptly, represents a reasonable balance between maintaining research quality and protecting participant privacy.
The protocol is straightforward:
- collect (because your platform does this automatically);
- use for quality checks;
- delete before analysis; and
- document the whole process.
When you're transparent with participants about what you're doing and why, this approach aligns well with both the National Statement's principles and privacy law requirements.
If you have questions about how this applies to your specific research and evaluation context, we're always happy to discuss. Managing data collection practices well is an evolving challenge, and getting it right matters for maintaining both research and evaluation integrity and public trust.
AI Disclosure: Initial drafts of the content for this article were prepared using Large Language Models with input from Iris Ethics staff who guided the scope and design. Subsequent revisions and final versions were developed and approved by Iris Ethics staff.