Option to turn off logging of IP usage data

Isn't this going a bit far?

I mean IP addresses are automatically logged in the server logs no matter what the settings are in XenForo or any other software for that matter.
 
I am not a lawyer :)

All I know is that WoltLab does have an option to completely turn off IP logging and that they have recently published an article on GDPR where they recommend turning off logging of IP usage data:
https://www.woltlab.com/article/105-umsetzung-der-dsgvo/

There also have been several rulings in Germany that logging IP address usage data is not allowed.

So I think it wouldn't hurt to give the admin an option to do so.

Last but not least, IP addresses are not necessarily always logged in server logs - if you are on dedicated servers you can easily configure them not to log anything at all.
 
I don't want to take this too far off topic, but I'll say this...

Any server that doesn't log anything (especially IP addresses) has killed a major line of defense against attack. And has eliminated tracing any malicious actions.
 
I wholeheartedly agree. Nevertheless, I still think it should be an option for the board admin to turn it off just like there are options for the server admin to turn off logging at the server level.
Whether or not it would be a good idea to do so is really out of scope here; all I am asking for is to give the admin an option to not log any IP usage data.
 
Board admin is not the same role as the server admin; thus, I believe, this should not be a feature put into the hands of board admins. Besides that, WoltLab changes are directed towards permanent logging and not temporary. It's stated multiple times there:
Should I disable the permanent storage of IP addresses?
The long-term storage of IP addresses [...] We therefore recommend disabling the permanent storage of IP addresses.
English version: https://www.woltlab.com/article/106-implementation-of-the-gdpr/?l=2
It would've been a big surprise to me if they decided to turn off logging and even recommended that. AFAIR, XF does not store IPs permanently by default.
There also have been several rulings in Germany that logging IP address usage data is not allowed.
That's not true, it's absolutely legal to store any kind of personal data as long as it is absolutely necessary or mandatory from a legal point of view.
 
Besides the legal status of IP logging in Germany or European Union, I am with Kirby and would prefer to have the option to disable IP logging.
Data which is not in my hands/databases can't be stolen, copied or whatever in case the server or forum gets hacked.
And I don't need this information, so why should I store it?
The same with email addresses, I don't want this information after successful confirmation of the registration.
The less personal data I have, the better.

During the last attacks on my forum I had to defend the availability of my forum from the server side (data center routing reconfiguration, Cloudflare + Bitninja); the storage of IP addresses wasn't helpful.
 
The same with Email addresses, I don't want this information after successful confirmation of the registration.
How exactly would a user who forgot their password be able to reset it if you didn't store their email address? How would they receive email notifications for conversations, watched forums etc that they would like to receive?

I don't want to take this too far off topic, but I'll say this...

Any server that doesn't log anything (especially IP addresses) has killed a major line of defense against attack. And has eliminated tracing any malicious actions.
^This.

GDPR does allow for collection and retention of personal data for legitimate purposes, one of those most certainly would be for protection of servers from malicious actions. Another example is client details when it comes to paying tax for businesses. In the UK you have to keep those records for 7 years - in this case HMRC takes precedence over GDPR and that is perfectly fine.
 
How exactly would a user who forgot their password be able to reset it if you didn't store their email address?
Not at all (unless they are personally known by the admin), but that is purely their problem, just like it is purely my problem if I encrypt all my data and lose the key.
Though there could be options like storing a public key for password recovery, etc.

How would they receive email notifications for conversations, watched forums etc that they would like to receive?
Not at all. This isn't really a problem, not everybody uses email notifications - some people just turn them off and regularly come online to see if there is something new.

GDPR does allow for collection and retention of personal data for legitimate purposes, one of those most certainly would be for protection of servers from malicious actions.
It is not (yet) absolutely clear if this would be allowed, but chances are pretty high that it is.

Another example is client details when it comes to paying tax for businesses. In the UK you have to keep those records for 7 years - in this case HMRC takes precedence over GDPR and that is perfectly fine.
In Germany there are HGB and GoBD, which require keeping records for 5-10 years, but the GDPR requires deleting records from customers upon request - it is yet unclear which takes precedence, only time and upcoming court decisions will tell.
https://translate.google.com/translate?sl=de&tl=en&u=https://www.benno-mailarchiv.de/dsgvo-und-e-mail-archivierung-von-pulverdampf-und-nebelkerzen

Anyway, all those valid points IMHO don't really matter for this suggestion as it is just about having freedom of choice.
 