In a court of law it does not matter how it is seen, what matters is what can be proved. If the prosecutor cannot explicitly prove that something is personal data by showing how an individual is identified by data being processed they will not even attempt to take it to court and this is not just IP addresses.
I really do not wish to have an argument or upset anyone. As I deal with churches and charities who don’t have the finance to hire legal teams, I have attended a specific seminar on GDPR and also had extended telephone conversations with the information Commissioners Office (ICO) to help those I advise. So far no explicit evidence has surfaced regarding IP addresses. The clearest is that in some situations they will be personal information depending on what other information is processed alongside it and in other situations they will not be personal information as no one can be identified.
The only thing I am trying to mitigate here is the creation of panic for developers when there is no reason to panic. I appreciate that the interpretation of the GDPR is far from harmonious and that the web is awash with scaremongering, but I would advise anyone looking to implement GDPR, to ensure that they have looked through the very helpful ICO website and call them where you have any issues of doubt, they are extremely helpful. I would also encourage that you don’t get fixated with IP addresses, but look at the broader issue which is personal information. This in the end will lead you to more helpful decisions in what changes you need to make.
The question I keep asking when creating websites is: “Who can be identified by this data?” If the answer is no one it does not fall under the GDPR, but if I can prove a specific individual is identifiable by the information I am processing it does fall under GDPR.
The ICO website is here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
Their contact details are here: https://ico.org.uk/global/contact-us/
My phone calls last week had about a 30-40min wait so it might be an idea to list your questions.
I’m assuming that other EU member states have similar language specific websites and contact information.