What is IP-tracking and how does it work?
IP-tracking is a technique that allows you to identify website visitors based on their IP address. Every internet connection has a unique IP address linked to a network. For B2B companies, this means: if a visitor views your site from a business network, you can use that IP address to determine which company this person works for.
The crucial difference lies in what you identify. Business identification works at the organisational level — you see that “Company X” visited your website, but you don’t know who exactly. This happens entirely at the network level, without storing data on the visitor’s device. It’s fundamentally different from cookies or fingerprinting, which can collect personal information.
When do you need consent for tracking?
Whether you need consent depends on two important European laws: the Cookie Directive (ePrivacy) and the GDPR (General Data Protection Regulation).
For cookies: you almost always need explicit consent before placing them. This is due to the Cookie Directive. However, IP-tracking without cookies falls under GDPR, and different rules apply. GDPR permits identification based on legitimate interest (Article 6(1)(f)) — provided you only collect business data and no personal information.
The distinction between B2C and B2B is essential here. In B2C tracking, you often collect information about individuals. In B2B identification, as Leadinfo does, you exclusively identify companies. This makes it possible to operate within GDPR without cookie consent.
How does Leadinfo work without consent?
Leadinfo identifies companies completely cookieless. That means: no cookies, no fingerprinting, no personal data. The technology analyses network metadata and compares IP addresses with a European business database. The result? You see which companies visit your website, but you never see individual persons.
This works on the basis of legitimate interest. GDPR permits this because no personal information is processed. Additionally, Leadinfo meets three crucial compliance requirements:
- EU-only hosting — all data is stored in Ireland and Frankfurt, never in the US
- ISO 27001:2022 certification — audited annually by LRQA
- Opt-out option — any company can unsubscribe through a transparent process
Want to know more about how Leadinfo works completely cookieless? This makes the difference between tools that require consent and tools that don’t.
Which IP-tracking tools are GDPR-compliant?
Not all IP-tracking tools are equal. Some tools claim to be GDPR-compliant but still use cookies or store data in the US. Here’s a checklist to assess whether a tool is genuinely safe:
- Cookieless technology — no cookies = no cookie banner needed
- Business data only — identifies organisations, not individuals
- EU hosting — data remains within Europe (Schrems II-compliant)
- ISO 27001 or equivalent — proof of security standard
- Transparent opt-out — companies can unsubscribe
Red flags:
- “We track anonymous visitors” (this implies personal identification)
- “Fingerprinting technology” (fingerprinting isn’t permitted without consent)
- “Data storage in the US” (Schrems II issue)
- No clear privacy documentation
The end of third-party cookies has forced many tools to change. Learn why cookieless is becoming the new standard.
Privacy and transparency: your responsibilities
Even if you use a GDPR-compliant tool, you still have responsibilities as a website administrator. Transparency is central to GDPR. This means concretely:
1. Update privacy statement
State in your privacy policy that you use business identification. Explain what data you collect (company name, IP address, page visits) and on what basis (legitimate interest). Refer to the option to object.
2. Provide opt-out option
Companies must be able to unsubscribe. With Leadinfo, this happens via a central opt-out page. When a company opts out, their IP address is blocked within 48 hours.
3. Consider DPIA
If you conduct large-scale processing or serve sensitive sectors (healthcare, government), a Data Protection Impact Assessment (DPIA) may be mandatory. Discuss this with your data protection officer or legal adviser.
4. Communication with visitors
Although you don’t need a cookie banner for cookieless tracking, it’s good to inform visitors. A simple mention in the footer or privacy page suffices.
Key insights
IP-tracking without cookies is permitted under GDPR, provided you only identify business data and are transparent about your methods. Business identification falls under legitimate interest (Article 6(1)(f) GDPR) and doesn’t require explicit consent.
The key to compliance lies in three factors: cookieless technology, EU-only hosting, and transparent opt-out options. Tools that collect personal data, place cookies, or store data outside Europe always require consent.
With Leadinfo, you identify companies visiting your website — fully GDPR-compliant, without cookies, and with ISO 27001 certification. You gain insight into which organisations show interest, without violating individual visitors’ privacy.
Frequently asked questions
Can you collect IP addresses without consent?
Yes, if you only identify business information and don’t collect personal data. This falls under legitimate interest according to Article 6(1)(f) GDPR. You may not track or identify individual persons without their consent. Business identification based on IP addresses is permitted because it concerns organisational level, not personal level.
What’s the difference between cookies and IP-tracking?
Cookies store data on the visitor’s device and can track personal preferences and behaviour. IP-tracking analyses network metadata without storing anything on the device. Cookies fall under the Cookie Directive and almost always require consent. IP-tracking without cookies can operate under legitimate interest, provided you only collect business data.
Which tools do require consent?
Tools that place cookies, collect personal data, or use fingerprinting always require explicit consent. This also applies to tools that store data outside the EU or can identify individual users. Analytics tools like Google Analytics (with cookies) and social media pixels fall under this category.
How do you ensure GDPR compliance with IP-tracking?
Choose a cookieless tool that only identifies companies, host all data within the EU, be transparent in your privacy statement, and provide a clear opt-out option. Ensure your tool is ISO 27001 certified or has an equivalent security standard. Verify that the tool is Schrems II-compliant and doesn’t send data to the US.
Start with GDPR-compliant business identification
Want to know which companies visit your website, without cookie hassles or consent requirements? Start your free trial with Leadinfo today. Live within 5 minutes. No credit card required, no cookies, fully GDPR-compliant.
