zlacker

[parent] [thread] 4 comments
1. sleepy+(OP)[view] [source] 2018-09-19 15:33:26
I don't think that is relevant. What matters is that it is transferred to a third-party. And regardless if it is stored in a database, the servers are still processing the data (and maybe storing the log of it).
replies(2): >>Lyndsy+Ka >>SahAss+nf
2. Lyndsy+Ka[view] [source] 2018-09-19 16:50:50
>>sleepy+(OP)
How would you do analytics without the IP address being "transferred to a third party"? Outside of self-hosting, either the user's browser is going to be making a request to the analytics provider (and therefore exposes their IP), or you're going to have to have some sort of proxy mechanism on the site's server that strips that information and sends it from there.

Am I missing something?

replies(1): >>ecnahc+RV
3. SahAss+nf[view] [source] 2018-09-19 17:23:59
>>sleepy+(OP)
At least under GDPR the relevant question is if it is stored and who it is shared with. So if it is not stored/shared then it should be fine legally.
◧◩
4. ecnahc+RV[view] [source] [discussion] 2018-09-19 23:35:47
>>Lyndsy+Ka
It's exactly as you state. This is the problem. The IP address needs to be stripped before storing or sending to anyone else, or it's still something you need to consider as personal data. This matters for GDPR. So in effect, this service still has to adhere to GDPR, because it is in fact receiving IP addresses, regardless of them getting stored or not.
replies(1): >>iDemon+qA1
◧◩◪
5. iDemon+qA1[view] [source] [discussion] 2018-09-20 10:02:24
>>ecnahc+RV
GDPR bores the hole off of me so I haven't done much reading, but I do remember a court dismissing a piracy case recently because 'IP addresses alone are not enough to identify an individual' - how would this play in to this scenario?
[go to top]