Comment by LyndsySimon

7 years ago

How would you do analytics without the IP address being "transferred to a third party"? Outside of self-hosting, either the user's browser is going to be making a request to the analytics provider (and therefore exposes their IP), or you're going to have to have some sort of proxy mechanism on the site's server that strips that information and sends it from there.

Am I missing something?

2 comments

LyndsySimon

Reply
ecnahc515  7 years ago

It's exactly as you state. This is the problem. The IP address needs to be stripped before storing or sending to anyone else, or it's still something you need to consider as personal data. This matters for GDPR. So in effect, this service still has to adhere to GDPR, because it is in fact receiving IP addresses, regardless of them getting stored or not.

  • iDemonix  7 years ago

    GDPR bores the hole off of me so I haven't done much reading, but I do remember a court dismissing a piracy case recently because 'IP addresses alone are not enough to identify an individual' - how would this play in to this scenario?