[Jon_Lowtek]

concerning the fuzzy line: log messages shouldn't include personal data (and in sentries defense they are trying to be helpful when it comes to that) Yet many people prefer to throw everything into the logs, arguing that much helps much and debugging without data is horrible. And suddenly the logs become a rich data swamp, and all that is needed is a nicer interface. So a lot of analysis that would otherwise require specific implementations or even user consent instead becomes data analysis of debug logs. That creates more incentive to throw everything into the swamp. And it makes it easier to forget its personal data: "If it's in the logs, i am not accessing the database i need permission to access." A lot of questionable personal data processing can be moved to the backroom of the backend, but that doesn't make the processing less questionable, just makes it easier to hide it from those subject to it, making it more illegal. Which is what i am warning about.

EU privacy regulations focus the purpose of personal data processing. If a company makes a contract with their users that says they log personal data for the purpose of debugging, and then they use it for web analytics, that is not allowed, its a violation of the contract. And like you stated many just write consent into the ToS. But let us look at the privacy friendly case where the users are asked if they agree to other behavior analytics not related to debugging. And suddenly the log interface isn't so nice anymore.

In a perfect world personal data is labeled with the purposes it can be used for.

If such issues are not relevant to the company you work for, be grateful, and don't take the warnings personal. But by all that is holy to you don't tell people the log interface is a great substitute to web analytics.