undefined | Better HN

0 pointslima8y ago0 comments

As long as you're just "responding to HTTP requests", there's nothing to worry about and the GDPR does not apply.

It's when you start collecting personal data on EU residents, send their personal data to third parties for analytics/targeted advertising, and so on, that things get interesting.

0 comments

3 comments · 3 top-level

zmmmmm8y ago

I can't think of any web server that doesn't log ip addresses by default, and I think it's been established that satisfies the GDPR threshold test for personal data. So while what you say is true, I think you're being a little bit deceptive when you say 'As long as you're just "responding to HTTP requests"' because all practical and established means of doing that violate the GDPR by default.

3 more replies

wepple8y ago

My understanding was that an IP address is considered personal information under GDPR, which would put it in your class #2

garmaine8y ago

So if your dating site matches gay couples should you expect fines or worse if a Saudi expat uses it?

j / k navigate · click thread line to collapse