If an IP is PII (it is for my regulated app in many jurisdictions), perhaps every app is at risk as SDKs generally phone home without being first routed through a server of ours.
From what I understand, you can ask for an IP if it is required for the application's functionality, i.e. "due to technical limitations, we need to know where to send the response", but you cannot automatically use it for marketing purposes, i.e. "sell the IP to third-party advertisers which can then build a profile of that IP's site visiting behavior".
Yep. My fintech serves people with bad financial history. If you’re my customer, your credit score is low and you’ve got an active loan. Simply being my customer is PII. We should be guarding IP addresses as PII.
