[PATCH] conf/nginx.conf: add example "privacy" log_format
Anton Luka Šijanec
anton at sijanec.eu
Wed Jan 13 11:37:36 UTC 2021
Hans-Christoph Steiner <hans at guardianproject.info> @ Wed, 13 Jan 2021 10:27:42 +0100:
> The standard log_formats store detailed information which falls under
> data regulations like the EU's GDPR and California's CCPA. This merge
> request adds a suggested "privacy" log_format that generates logs that
> cannot be used to identify users. This has been developed and used by
> Tor Project, Guardian Project, and F-Droid.
IANAL, so: Are there any exceptions in EU's GDPR that allow short-stored logs of user-identifiable information? That would seem useful, as *some* logging is useful when detecting and reporting fraudulent activities and for detecting spam. Logs are rotated and are sometimes useful when a data breach happens.
I've also seen some examples of ISPs having to store info that would be classified as user data for 6 months for detecting illegal activities. See .
Again, IANAL, but  describes some allowances regarding log data. I agree with adding the privacy option, but is that really a must when dealing with EU customers?