Hacker News new | comments | show | ask | jobs | submit login

> the IP adress in the log files alone is considered potential personal data

Stop logging the IP address then. Hopefully default settings in web servers will change.

> What kind of online business can reasonably be done without using an email adress, if only for login/resetting password if lost?

That means you have a legitimate interest, so long as you don't send marketing emails to those addresses, or sell them, and so long as you delete them if someone deletes their account.

> How does for example a small yoga studio’s email list fit in your examples?

If someone signs up to your email list, they've consented to receiving emails. Just don't sell the list, and remove people if they unsubscribe.

The only real complication (if you're in the UK, I don't know about other countries) is that there is a fee to register as a data controller. https://ico.org.uk/for-organisations/data-protection-fee/




Ip adresses are needed for security anslysis in case of attacks, for example.

the thing is not about doing what you propose but that however you‘re doing it, you have a lot of bureaucracy and legal insecurity right now.

The examples of wrongdoing you give should be leading to hard measures. But those with good intentions shouldn’t have high bureaucracy costs.

To be clear: i don’t say these laws shouldn’t exist. They just should have been targeted at the actual wrongdoers and put smallest possible burden on all with no bad intentions.


> Ip adresses are needed for security anslysis in case of attacks, for example.

Then you have a legitimate need for the data, so store it for a reasonable length of time and then delete it.


>Ip adresses are needed for security anslysis in case of attacks, for example

People repeat this a lot, but it sounds like complete nonsense.

Why does your business need to perform “security anslysis in case of attacks”? Do you get paid to do that? Why would you need IP addresses for that?


One obvious case is DoS attacks. Rudimentary attacks can be mitigated by blocking IP addresses of the attacker.

Another example is logging requests to secure sections of the site and/or server and perform IP blocks on fishy activity.


You can do that with a hash of the IP.


How would this work? You can't just sha256 IPs as that'd be trivial to reverse, no different from storing the plaintext.

I don't see why the IPs would ever have to hit the disk for this purpose, just keep them cached in RAM for a few minutes.


Salt the hashes, perhaps use PBKDF2. The problem is solved for passwords, just treat IPs like low entropy passwords.


there's only 4 billion possible IPs, you can reverse the entire search space in a few hours

the only way round this is to make the webserver spend a non-trivial amount of time running some derivation function on the IP for each and every request (remember you can't cache the result if the entire point is not to store the IP)


And all that stuff is super complex... for a number which is not person bound and personally identifying in the furst place. Only with a lot more effort. So my critique is, the lawmakers should have made actions to use ip‘s to identify persons illegal, but not storing ips themselves.


IP is person bound and personally identifying, in a lot of countries you can trace back an IP to a list of people and with an additional information like a last name or a timestamp you can fairly reliable identify a single person.


How would all these things be legal just because an IP in a logfile isn’t?


Largely they aren't. It's not important that they are legal or illegal.

The problem is that it's possible and that is where the GDPR hooks in.


It’s probably also possible to identify people based on the combination of their car color, built timestamp, model and specifically ordered extras. Shall storing these, without a name, be made illegal then and forcing someone to save these in a database to hire a lawyer to ubderstand their legal position? Just because if the name is added to such a database of cars produced, it will be personal identifying?

Put another way:

If the goal is to prevent certain actions by making them illegal and a given boundary can already ensure that, whats the point in widening that boundary even more?


>If the goal is to prevent certain actions by making them illegal and a given boundary can already ensure that, whats the point in widening that boundary even more?

Atleast in germany the boundary has not been widened and most corporations seemed to operate just fine.

> Just because if the name is added to such a database of cars produced, it will be personal identifying?

When you add data to your database you'll have to consider this, yes.

Privacy under the GDPR means that you evaluate whether or not it is necessary to store such data.

Why? Because the GDPR is not only about the present but also about potential problems. If your database gets breached and someone runs of with the data, the GDPR seeks to ensure that the data contained is the absolute minimum necessary and does not threaten the privacy of the users if possible.

Put another way:

Under GDPR you do not own data like car color, built, model, extras. People give you stewardship of the data and you are responsible for it. It is your task to protect it. Protecting people's data is easier when you don't have as much of it.


> Stop logging the IP address then. Hopefully default settings in web servers will change.

But in legal matters, you need to identify people and have some kind of audit trail, especially if they tried to breach your system. That makes no sense.


Depends what's on the site. If it's just a static site, there isn't a lot of point trying to investigate a breach, just fix the changes and move on.


Why stop at IP addresses then?

If IP addresses in logs are necessary for audit trails, why aren’t fingeprints?


You put it to a total overexaggerated extreme here.

That doesn’t help.

IP adresses are not 1:1 assigned to a person for a whole lifetime, fingerprints are.

Only with a lot additional effort and connection to other databases, IP adresses can actually be connected with a person, but only for an uncertain period of time, finding out this timespan, and ensuring it’s really only exactly this one person requires even more effort.

So a properly crafted law would have made all these efforts illegal, and put high fines on them, but not the decades old practice of storing ip adresses in logfiles.


Why do you need to store IP addresses in log files?

I understand audit logging for authenticated users, but that's hardly a general case.


Why are ip adresses even considered personal data? They aren’t for most people and situations, unless a lot if other activities are done. All of which would be already illegal without consent by the law. The ip adress i write this from changes every day, and nobody can know if i share it with someone or not.

I want to be protected from marketing firms that sell my email adress , and everyone who uses it to send me mails for whatever product to buy judt because i entered it for some totally different reason. Those shall be fined with 5 figure amounts.

I don’t see how my(and my housemates/office colleagues etc) ip in the logfiles of the webserver which a small business rented for 3€ to upload 3 html filed can be abused (without storing my email and name without consent which is actual personal data and therefore illegal) and i dont want my hairdresser, car mechanic etc be in need to consult a lawyer to understand all that stuff and have a day worth of bureaucracy and adfing a “we have your current ip in the logs” note just because they want me to be able to google their street adresses.

The law is simply not well crafted for no use if the latter is the case.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: