Holy shit can't you read up before complaining without knowing the details? There is the exception that you may use and store data that is necessary for providing the service. Thus, since IP is necessary for talking to a server, you don't need to explicitly ask for consent. However you MUST NOT do anything else with that IP, like logging it for longer than necessary or tracking users across sites (without consent).
Why do you need to log IP? To prevent abuse? That's ok. For how long? That's up to you to decide, but it must be motivated and documented.
What's so hard to understand? How is this not perfectly reasonable already? Why are you entitled to not respect others' personal data?
Because 1) your analogy is off. People forget, a machine does not. 2) GDPR is about privacy; tracking people's behaviour, linking things together without explicit consent is not allowed according to GDPR.
1. If I am writing it down, as my analogy suggests, it is not forgotten.
2. I understand what it's about.
If you want to make tracking people and linking things together illegal, great.
However, my argument in response to the OP intended to illustrate that recording information about someone's actions, particularly when it's a party who is part of the interaction creating the recording, does not seem to have some preexisting moral expectation or attached to it.
Hence, to me at least, the GDPR's directives are not objectively reasonable or obvious in some way as suggested by the OP.
I also think forbidding certain uses of the data is more reasonable than to regulate its collection and storage. But yes, that's probably riskier and harder to enforce.
It's ok to take a picture of the street out of your front window
It's not ok to take a picture of everyone that walks in front of your house, timestamped and on top of that you search their picture on Facebook (supposing you could do that) and keep all that info forever
> It's not ok to take a picture of everyone that walks in front of your house, timestamped and on top of that you search their picture on Facebook (supposing you could do that) and keep all that info forever
Why not? It's certainly not obvious why this is the case.
I guess that's a fair question. Two reasons come to mind:
1. If the passers-by were to discover what you've done they might feel violated. This is why there are laws against stalking. Thus in this example it would be all about intent.
2. What if your database leaks? Have you considered that event, the probability of it happening, and the impact? How can you minimize the risk? Is it encrypted? How long do you need to store it for? Can it be anonymized? Do you even need to look up name? Is the potential privacy intrusion proportional to the purpose of collecting the data?
To be GDPR-compliant you must have answered all those questions and documented it.
Why do you need to log IP? To prevent abuse? That's ok. For how long? That's up to you to decide, but it must be motivated and documented.
What's so hard to understand? How is this not perfectly reasonable already? Why are you entitled to not respect others' personal data?