undefined | Better HN

0 pointswink7y ago0 comments

I think you're lumping together too many things.

> I keep telling people - the thing that changes with GDPR is that personal data you handle is now still owned by the person and only in your custody as long as they explicitly allow it. > All of our infrastucture has to change to honour that. If you cannot honour that change, maybe you shouldn't have been handling personal data.

What if I didn't want you to visit my website. Sure, by the letter of the law I am collecting PII (your IP address) but I think I can reasonably argue that it's quite a technical feat for a private layperson to go from "sudo apt-get install apache2" to "removing IP addresses from log files".

Sure, this is tongue in cheek - but most of that panicking I read was people concerned about their personal websites, especially with the "might be taken as professional work stuff just because of ads or you're blogging about tech as a tech freelancer.." - didn't really hear anyone with a company panic.

0 comments

TomasEkeli7y ago

If you didn't want visitors to your site you shouldn't have put it on the web. If you want visitors to your site without any strings attached you should serve the content without grabbing and storing anything about the clients.

This is called the "technician's responsibility" where I come from. To only track/store/process what is absolutlely necessary, in order to not be liable for the consequences when someone you cannot feasibly stop wants to do something untoward with the date (i.e. unconcented analysis, government extraction of data, breaches)

nemothekid7y ago

>If you didn't want visitors to your site you shouldn't have put it on the web.

This feels dishonest. If, for example, I wish to ban certain people by IP Address, your solution is to take my entire service offline?

winkOP7y ago

I disagree on the not puttign it on the web.

I know the "logging by default" comes from a different age of the internet, and I'm absolutely for minimizing data collected - but I'm sticking to my opinion that as long as the default of every internet-facing package is logging IP addresses by default, it's not good that private owners have to face problems or a lot of work because of that.

j / k navigate · click thread line to collapse