Hans-Christoph Steiner <h...@guardianproject.info> @ Wed, 13 Jan 2021 10:27:42 +0100:

> The standard log_formats store detailed information which falls under
> data regulations like the EU's GDPR and California's CCPA. This merge
> request adds a suggested "privacy" log_format that generates logs that
> cannot be used to identify users. This has been developed and used by
> Tor Project, Guardian Project, and F-Droid.

IANAL, so: Are there any exceptions in EU's GDPR that allow short-stored logs of user-identifiable information? That would seem useful, as *some* logging is useful when detecting and reporting fraudulent activities and for detecting spam. Logs are rotated and are sometimes useful when a data breach happens.

I've also seen some examples of ISPs having to store info, that would be classified as user data, for 6 months for detecting illegal activities. See [1].

Again, IANAL, but [0] describes some allowances regarding log data. I agree with adding the privacy option, but is that really a must when dealing with EU customers?

Regards!

[0] https://www.termsfeed.com/blog/gdpr-log-data/#Storage_Limitation
[1] https://en.wikipedia.org/wiki/Data_retention#European_Union