The biggest question is: why do you need indefinite amounts of IP addresses logged? You don't even need to ask yourself if it's compliant or not by just not doing it. The usefulness of IP addresses that old is very limited.
> The usefulness of IP addresses that old is very limited.
Either the old IP addresses can be tied to a specific individual, which means they are potentially useful for legitimate security purposes such as helping to identify someone who has previously tried to scam you, or they can't, in which case what is the risk of keeping them around anyway?
> in which case what is the risk of keeping them around anyway?
GDPR wants you to think differently about it: if you want to keep data, ensure that you actually need it. Do not treat data as an asset but as a liability.
We've been careful about what data we collect since day one, long before the GDPR was an issue. We're not doing anything shady with the data we do have, and we actively avoid questionable practices particularly around marketing, where we have ethical problems with being intrusive or compromising people's privacy regardless of any legal constraints. And yet having read the GDPR and much commentary about it, we're still concerned about the potential risks it introduces.
I think it's important to remember that GDPR itself doesn't want anything. GDPR is not a person, it's a set of legal regulations. What matters most about laws is what they actually say. Intent, as has been demonstrated countless times, is secondary.
Now, the people who wrote the GDPR might have wanted people to change their minds or think differently about privacy issues. However, that doesn't make the GDPR itself any less dangerous, and as I've argued elsewhere in this discussion, essentially those same authorities do have form already for being heavy-handed in other areas of EU law, and have caused real damage to plenty of businesses as a direct result.
> We're not doing anything shady with the data we do have
But you can never guarantee that someone else won't do. The biggest issue to users' privacy has traditionally been data breaches. So even if you don't want to do something shady, a data loss might still be highly problematic for users.
I agree that IP addresses are unlikely to be the biggest concern here, however.
> The biggest issue to users' privacy has traditionally been data breaches.
I'm not convinced that's true, but let's assume it is for the sake of this discussion.
In that case, wouldn't a better approach be to mandate reasonable safeguards to protect against data breaches, and to penalise those who are seriously negligent in that respect?
Otherwise again I think you're aiming at the wrong target. Deleting stale data might have some marginal benefit in terms of privacy in the event of a breach, but the risk and consequences are surely much greater for the organisation that has only recent data but uses admin:admin for their root credentials. Meanwhile, the overheads of updating long-standing logging or backup systems where that older data might lurk to fully isolate everything could easily be among the highest practical costs for compliance, particularly for a lot of smaller organisations.
> The biggest issue to users' privacy has traditionally been data breaches.
People's lives and most intimate details are going to be stored as bits. Get used to it.
Whether for targeting purposes (Facebook) or personal reasons (Strava). Whether stored on remote servers or at home. It won't affect likeliness of data breaches. Focus on good software designs and let programmers design such systems in peace.
All this needed was a fine for data breaches. Not the mess called GDPR.
GDPR is designed to not simply accept that "People's lives and most intimate details are going to be stored as bits. Get used to it." but instead try to change that.
Changing that is nontrivial, since it requires changing the behavior of everyone handling this data - so, something that can be done only by law. It will restrict Facebook, it will restrict Strava, it will restrict data stored on remote servers and home. While it won't affect likeliness of data breaches, it will affect the impact of data breaches - realistically speaking, many of the breached companies should not have had most or even all of that private data in the first place.
A data breach can't reveal information that you don't store; so a push to ensure that fewer companies are storing sensitive data, and those who do are storing less of it - that's something long overdue. GDPR is not designed to have people do X, Y and Z so that they can keep doing business as before; it's designed to ensure that many (most?) places where private data is used simply stop doing so.
Not all private data is stored for commercial reasons. People themselves want to store their lives, make use of advancements in IT and improve their lives. Now what about that data? If it's stored in a computer connected to the internet then it's at risk of data breaches. It's even easier as a typical user is not capable nor can he detect such attacks (see botnetting toasters).
So if the rationale for GDPR is to reduce data breaches or to deny private data to a future rogue govt, then it fails. Private data will still exist even if it's not commercialized. It's irrelevant who controls it (user or company); as long as it's connected to the internet, there is a risk of data breaches.
Unless you propose to go back to storing actual photos in actual albums. ITT I'm not sure.
> What matters most about laws is what they actually say. Intent, as has been demonstrated countless times, is secondary.
That's different per legal system. In some the text is more relevant. In various others the intent behind the law is very much relevant. I highly suggest to not follow your advice!!
The parent comment is saying we shouldn't rely on the intent of implementors of the law for our continued well-being.
Pattern: propose an easily misused, overly broad law. When people express concern, claim that the law is only to deal with problem foo and would never be used to do what it says in plain language. Proceed to do what it says you are allowed to do.
It could possibly be expressed as don't accept intent and goodwill in place of plainly expressed limits on government or regulatory power.