On Thu, 21 May 2020 at 09:47, Michał Górny <[email protected]> wrote:
> > Option 1: IP-based limiting > =========================== > Preface this with IANAL, check with your own legal counsel... While IP address based methods might be attractive technically, do remember that an IP address is considered Personally Identifiable in European Data Protection law. The fact submissions require an action by the user will probably be sufficient to be explicit consent, any system storing these details should allow for the use to revoke their consent: If you collect anything personally identifiable, you will need to provide a mechanism for users to request the removal of all their submissions. Tread carefully with this project. :)
