CircleID

But these exceptions have not stopped the emergence of a host of "whois" Internet sites that apply the general rule that typing in an IP address will generate a name for the person or company linked to it.

Huh? Those "whois" services have been around almost since the first coordinated IP assignments. For more detailed information simply googleing the IP or it's rDNS label is sufficient (unless it is a frequently dynamically reassigned IP).

Internet 'click fraud' can be tracked down by showing that the same IP address is jumping repeatedly to the same ad. Advertisers pay for each time a different person views the ad, so dozens of views by the same person can rack up costs without giving the company the publicity it wanted.

This is only the case with "non-professional" click fraud. Professionals use distributed systems (e.g. bot nets or social networking sites). Identifying "non-professional" click fraud doesn't require any stored IPs. A very simple protection is a hash of client fingerprints like the IP and OS specific TCP behaviour. If a hash is seen too frequently - it may be click fraud or simply a web proxy - should the IPs be logged for further investigation. I think this incident specific logging is already a well regulated right in most legal systems. Thus treating IPs as personal/confidential information wouldn't cause any issues.

The really interesting legal case are not web hosters/click fraud but IP blacklists like spamhouse.org. The problem is that they provide the information not only within one organisation but often to anybody that asks. I'm unaware of any way to effectively anonymous the data while retaining the blacklist function. A simple hash - like the one described above - can be easily reversed even if it was a salted one. There are only a very limited number of IP addresses thus even plain brute forcing requires no special hardware or knowledge.
In a sense the IP blacklists represent virtual credit rating agencies. However the real live agencies in most countries have some kind of written contract. In this case it would be either the client (IP address) or the network provider that is responsible for the IP range. Issue is, spam frequently originates from un-cooperative networks and thus an explicit contract with the blacklist provider is unlikely. An obvious solution would be to switch from a black-list model to a white-list model. However the data gathering for the black-lists can be implemented far easier on a global scale than that for with-lists.