Comment by sleepyhead
7 years ago
"We don't use cookies or collect any personal data."
IP-address is considered personal data. So when the browsers visits a page with the JS, the IP-address of the user is transferred to your server. So that means the website I am visiting is sharing my IP-address with a third-party (you).
The IP address isn't stored though.
I don't think that is relevant. What matters is that it is transferred to a third-party. And regardless if it is stored in a database, the servers are still processing the data (and maybe storing the log of it).
At least under GDPR the relevant question is if it is stored and who it is shared with. So if it is not stored/shared then it should be fine legally.
How would you do analytics without the IP address being "transferred to a third party"? Outside of self-hosting, either the user's browser is going to be making a request to the analytics provider (and therefore exposes their IP), or you're going to have to have some sort of proxy mechanism on the site's server that strips that information and sends it from there.
Am I missing something?
2 replies →
Would it make a difference If the information was anonymized /hashed?
Only if there is no way to identify the user. A hash or anonymised id is still personal data if you can identify a person with it.