Comment 16 for bug 1761739

Note, with the current privacy regulations, if Canonical uses consent as the base for submitting this information for collection, I am quite sure it would be against the law to send IP address to a Canonical server when consent is missing. Sending IP address provides time, location and the fact that a given version of Ubuntu is being installed to Ubuntu, and every network sniffing entity on the way like NSA and GCHQ. This set of information is by definition personal information, and by combining the IP address with other sources it is often possible to identify the individual uniquely (for example if the user uses Facebook, log into her email etc). As consent is obviously missing if the user declined to submit the information about his machine, Canonical would have to come up with another basis for the collection. It would be hard to argue it is vital for the operation of the service provided, one of the other options for data collection. It is probably a good idea to check out the GDPR provisions available, to reduce the chance of a large fine.