by pbhjpbhj 2982 days ago
IP addresses aren't PII. If you're capturing IP + real name, or similar (email + real name) then AIUI you'll need to tell people on request who you sell that info to and allow removal.

Assuming it's a personal blog then just don't capture any PII. Don't sell it, be prepared to delete a user's comments on request. Don't capture PII without informed consent.

Easy, no?

2 comments

> IP addresses aren't PII.

I personally think so, but everything I've read about GDPR says they usually now are considered in scope.

Deleting comments is non-trivial. How do I verify that the person requesting deletion is the original commenter? How do I then wipe out every mention of their IP address from all my logs?

These are easily solvable questions for large companies, but overhead for small startups and personal projects.

> be prepared to delete a user's comments on request.

Or, just block users from the EU from commenting. I can see the win for the Internet here.