332 points vegasbrianc | 2 comments
diggan ◴[] No.42141994[source]
Correct URL: https://legiscope.com/blog/hidden-productivity-drain-cookie-...

> This situation calls for an urgent revision of the ePrivacy Directive

Shame companies cannot live without tracking cookies, and shame that the blame somehow ends up on the regulation, rather than the companies who are the ones who introduce this cookie banner and "massive productivity loss".

You know the best way of not having to put up cookie banners on your website? Don't store PII in cookies. You know the best way of not having to care about GDPR? Don't store PII.

r3trohack3r ◴[] No.42142098[source]
> You know the best way of not having to care about GDPR? Don't store PII.

I hear this a lot. As an American that hosts casual personal websites, I can't help but worry that I'm in violation of the GDPR.

For example, my router logs connections for debugging. And my nginx server maintains server logs for debugging.

These contain IP addresses. I'm pretty sure those are considered PII under GDPR. And there are a lot of things I think that follow from that, things I haven't bothered to look into or implement. Like whatever policies, disclaimers, notifications, request handling processes, etc. that need to be in place to gather those logs.

Whether or not I need a registered agent in the EU to host my website seems to be rather fuzzy too. It seems to come down to how "sensitive" the data I store in my logs are?

It's also not clear to me whether my home router is subject to GDPR if it receives and logs a packet that was sent to it by an EU citizen, regardless of whether there was a public internet service hosted on that router or not.

I mostly choose to not think about these things - but that nagging concern that my entire self-hosted digital presence violates European law does linger.

1. etaweb ◴[] No.42142320[source]
Actually, all the cases you mentioned do not necessitate any consent from European users as long as you don't send these data to any third party. The only thing is, if you plan to store logs over time, it should be anonymized after 25 months. It's not that bad.
2. r3trohack3r ◴[] No.42142461[source]
> it should be anonymized after 25 months

Unless traffic volume causes truncation, turns out I’m not compliant!