The problem is that more and more companies are using geo-location databases to try and confirm if their users are within a certain area. One example was National Lottery refusing to allow a customer to buy a ticket as he was supposedly outside the UK. We was in Gloucester which is well within the UK! He now has issues with O2's retail on-line shop.
It is a concern when there is wrong data, but I am not convinced this is covered by things like the DPA as it is not really personal. I hope that, in general, an IP address is not personal, but there may be cases where it is.
What bugs me is that there is a definitive database of the country in which all EU IP addresses are located, and that is the RIPE whois. As an ISP we carefully ensure that this is correct (almost all of our IPs are in the UK). If someone wants to know if an IP is in the UK, the whois database will tell them - so why do geo-location companies make up incorrect data? The sort of people that want to use geo-location data are normally advertises who apparently want to offer you "girls waiting for you in Arnold, Nottinghamshire" for some reason :-)
It is also a concern that the National Lottery help page on this (they have one, suggesting this is really a problem) says to contact your ISP. Why on earth would they say that? It is not the ISP telling them that the IP is in another country. Then if you do get hold of them they apparently create some amazing bullshit to try and explain it!
This is what I have just sent to the ICO:-
I am trying to establish the extent to which an Internet Protocol (IP) address and location information which as been associated with the IP address can be considered "personal data", and if this can give rise to obligations on a Data Controller to correct errors. The specific issue is where companies have information supposedly identifying the location of an IP address, and that information is incorrect. We are having trouble getting the information corrected. A specific case we have had recently involves the National Lottery. They incorrectly identified an IP address as being in Guernsey when it is in the UK, and so would not allow access to their web site to make use of their services. We also have the issue with O2 (mobile). I can see this becoming a more and more common problem. In this specific case the IP address happens to be permanently routed to a specific personal computer on a desk in Gloucester and there is an identifiable individual that uses that computer and no other. Does advising them of the name associated with the IP address make the information related to that IP address "personal data"? Would this then allow us to required that they correct this incorrect personal data (i.e. the wrong location information) under the Data Protection Act? Or are they under such an obligation anyway by some aspect of the Act? I look forward to your reply. Adrian Kennard, Director, Andrews & Arnold Ltd