[PATCH] conf/nginx.conf: add example "privacy" log_format
hans at guardianproject.info
Wed Jan 13 11:50:31 UTC 2021
Anton Luka Šijanec:
> Hans-Christoph Steiner <hans at guardianproject.info> @ Wed, 13 Jan 2021 10:27:42 +0100:
>> The standard log_formats store detailed information which falls under
>> data regulations like the EU's GDPR and California's CCPA. This merge
>> request adds a suggested "privacy" log_format that generates logs that
>> cannot be used to identify users. This has been developed and used by
>> Tor Project, Guardian Project, and F-Droid.
> IANAL, so: Are there any exceptions in EU's GDPR that allow short-stored logs of user-identifiable information? That would seem useful, as *some* logging is useful when detecting and reporting fraudalent activities and for detecting spam. Logs are rotated and are sometimes useful when a data breach happens.
> I've also seen some examples of ISPs having to store info, that would be classified as user data, for 6 months for detecting illegal activities. See .
> Again, IANAL, but  describes some allowances regarding log data. I agree with adding the privacy option, but is that really a must when dealing with EU customers?
Both GDPR and CCPA allow log data to be gathered, stored, and used. Those are
regulated though, that means they must be considered when a user requests you
give them their data, to delete all references to a user, etc. You must also
consider the legal definition of "for no longer than is necessary for the
purposes for which the personal data are processed" in the context of your
business activities and data you're gathering. These are all non-trivial.
The goal of the "privacy" log mode is to guarantee that the log files do not
fall under GPDR/CCPA regulation, but still provide useful information. Then
those log files can remain outside of GDPR/CCPA reviews.
IANAL, I am a researcher focused on privacy and metadata. Those log files do
not contain Personally Identifying Information (PII) and also do not contain
enough info to identify someone. They might contain enough data to identify
someone in combination with other large data sets, like all of a user's browsing
PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556
More information about the nginx-devel