very important -> EU Directive 95/46 - IP Adress problem

[mark007]

Hi,

the european directive 95/46/EC (General Data Protection Regulation) is starting on 25.05.2018.

So it is a big problem, if IP adresses are saved in database. We need an option, that IP adresses in database are deleted after 7 days oder that IP adresses are not saved at all.

Thanks in advance!

Mark

[opentype]

What’s the specific paragraph that request is based on?

[mark007]

In Germany it is Art. 5 and Art. 6 DSGVO

IP addresses are personal characteristics (courts judge so) and so you need a consent from members.

The better way is not so save any IP adresses,

[-FP]

These EU regulations... it's almost like someone has a lot of free time over there. Argue whatever you want, they are just plainly annoying. I thought they couldn't get worse after the EURO 4 for motorcycles.

I think this is based on some court rulling stating that IP addresses are personal data in some cases... still annoying.

[bfarber]

Actually, the GDPR was enacted in April of 2016 and goes into effect May 25, 2018, replacing EU directive 95/46. Further, this regulation enacts a single set of regulations that applies to all member EU states, so I'm unclear what specific German regulations you are referencing.

https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

That said, I understand you may have concerns about collecting IP addresses. Could you not make this a required consent point (e.g. in your registration terms and service, your privacy policy, etc.) which you require users to consent to upon registration? We only store the session IP address for guests, which I take to be excluded from the consent requirement since it is necessary to ensure the safety and security of the system.

Some further reading: https://www.ctrl.blog/entry/gdpr-web-server-logs