by zrn900 206 days ago
> HTTP logs are retained for 7 days

There you go. The moment you save any information that can help identify someone for any period, you are within the scope of the law. God forbid you keep the IPs for any reason.

> for security analysis

The law doesn't give a zit about what you do it for. If you retain any personal info or set any cookie, you have to tell the user about it and give options.

> Matomo instance

Hahaha - Matomo itself is non-compliant with the law. Its developers think that anonymizing info or collecting bits and pieces for functional info and setting a cookie for that purpose allows you not to show a banner. That's wrong. It doesn't matter for what you collect info or set a cookie - the moment you set a cookie, you have to show a cookie banner and tell exactly what you are collecting and what you are using it for. Even for functional cookies.

The only way you can be compliant with this law is by setting an Apache header or something to delete all cookies the moment they are set so that you won't leave any cookie. Even in that case, you may be responsible, for you are holding that information even for a few milliseconds. (Yeah, you as a techie think that it's not important, but law doesn't work that way.) Best chance is to have a server that does not set any cookie or collect any info in any way. Good job preventing spam, fraud, DDoS with such a setup.