undefined | Better HN

0 pointsjhgb3y ago0 comments

> Likewise, a GDPR-compliant site can't be operated or hosted by an American because then the operator/host could be logging visitor IP addresses

Because you "could" be logging visitor IP addresses? First, why would you have to log them? Is this a legal requirement in the US? You can't serve a page over HTTP unless you log a crapton of stuff for the government? And second...I don't believe it's illegal to log IP addresses under GDPR as log as the user consents to it...or is it?

0 comments

mminer2373y ago

Yes, the EU says it's illegal if you could be logging them, regardless of whether you are or not.

And yeah, it's not illegal if a user consent to it, but the issue is that the user has to connect (with their IP address) to give you his consent or not. That's why I said theoretically you could use some international service to handle all primary routing and get users to waive their rights under the GDPR before connecting to your website proper, but I'm not aware of such a service at this time.

jhgbOP3y ago

> Yes, the EU says it's illegal if you could be logging them, regardless of whether you are or not.

Wait, what? Where do they say that?

> That's why I said theoretically you could use some international service to handle all primary routing and get users to waive their rights under the GDPR before connecting to your website proper

Why would you do such a complicated thing?

j / k navigate · click thread line to collapse