undefined | Better HN

0 pointsfloatingatoll7y ago0 comments

That makes a valid point: You should open a bug with Apache to remove IP address and User-Agent from the default log formats, as they should not be logged by default or else GDPR issues arise.

0 comments

Hamuko7y ago

You can log IP addresses if there is a legitimate use for them. You just need to ensure that they are protected and that you do not keep them for any longer than is necessary (= use logrotate).

GordonS7y ago

As someone who both owns a small business and is a consumer, this seems completely reasonable to me.

The GDPR has really made me think about minimising the collection of data that I don't need - absolutely a good thing.

floatingatollOP7y ago

Logging them by default is a silent opt-in to a scenario where you are legally obligated to protect data you may not even know exists.

Anyone whose software logs IPs by default should stop, so that the admins who choose to log IPs must voluntarily choose to log protected information and handle it appropriately.

j / k navigate · click thread line to collapse