by smarx007 1738 days ago
I think this is great as long as you respect GDPR. Tracking is not inherently bad. And I had some pain tracking downloads of our OSS project files, thankfully Eclipse Foundation has some tools for gathering anonymous statistics (I think the term "anonymous statistics" will fare better with the HN crowd than "tracking" or "measure"). Added your service to bookmarks for the next time I need such functionality.

However, you seem to have an incomplete understanding of GDPR judging from your homepage. For example, you don't provide a way for people to opt out on your homepage. This may indicate that you are thinking about GDPR in American "PII" terms instead of thinking about "processing purposes" and "personal data" (not necessarily identifiable, such as a 5-star rating for a taxi driver) as intended by GDPR. You can store my home address without my consent if you need it to deliver a book to me. You may not pass my non-anonymized IP address to anyone except your secops (legitimate business need has been explained by EU courts to mean a need to fulfill user's need, not company need, e.g. to show ads).

Further down the thread you also discuss the opt-out mechanisms. Again, this is only legal under GDPR for opting out of the kinds of processing you have a legitimate business need for. Things that require consent may not be worked around with an opt-out.

Not a lawyer but a person in the EU who sent GDPR requests and complaints to company DPOs and regulators. Hope your service grows well!

1 comments

Glad to hear and thanks for the kind words!

Fully complying with GDPR is a requirement as we build this out. Our data policies and practices have been thoroughly reviewed by our legal team. If we are doing anything incorrectly with respect to GDPR, it will be promptly addressed.

It turns out that the data we are actually storing about end-user traffic do not meet the criteria that trigger requirements for explicit consent. Scarf also operates as a data processor with respect to GDPR, rather than a controller.

Ah, shrewd move! For others reading this: your project using Scarf will bear responsibility for GDPR compliance regarding processing purposes as the controller and Scarf is just a processor like AWS (not that I buy it completely but I am sure smart folks at noyb.eu will look at this when the time comes).