Hacker News new | past | comments | ask | show | jobs | submit login

> Failure of interpretation, really: I can't see how any of that could be considered personal data.

Theoretically, you could enter some personal in a free-text field and it would be stored in the log files. I am not saying that people actually would do this, but they could. Now they cannot.




That would not get you into trouble with the gdpr, nor would most common sense things. A bit too paranoid imho.


Can you back it up? Last time I asked an expert, any kind of personally identifiable data that someone would receive would create a liability.


Do you have an email address, or telephone voicemail? If you could get in trouble with the GDPR simply by having the capability of receiving unsolicited personal data, these are legal liabilities, too.


I agree it sounds silly, but I am interested in what the law actually says.


Well, can you? You asked 'an expert'; since the introduction of the gdpr, there was an explosion of 'experts' (even real lawyers) who know absolutely nothing and just read the EU docs line for line to spread FUD (and get clients). And the problem is, that, while the gdpr is EU wide, there are governing bodies per country which all behave different. So your expert in Italy might be completely off the mark about the Netherlands (so, disclaimer, my experts are from the Netherlands and talk about NL).

But, in general, if you want to be 100% safe; just have a static site that collects nothing and logs nothing. No need to nag about it; it makes the internet a better place anyway imho.

In my experience, if you are not frivolously collecting user data and make sure that the personal data you do collect is something you can explain in the line of your business (even if that data is very secret data, but that usually has extra laws/rules on top). And, finally, that you make sure that data is properly stored (encrypted on properly updated servers), you have no issues.

In this case, IF the owner would get an email from the governing body of the country (I think Germany in his case), he would very easily be able to explain the reason for the input and the body can see that he is not asking nor frivolously collecting user identifiable data. If people choose to enter it, for some reason, en masse, in his site, then they would ask him to throw it away when it comes (so in his case, don't log it, but why was it being logged anyway?) in and that's it. No fines, no nothing.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: