[BlueOnyx:22107] Attn. German BlueOnyx users: DSGVO update (again!)

Michael Stauber mstauber at blueonyx.it
Thu May 24 18:35:09 -05 2018 

Hi all,

First of all I'd like to thank Dirk Estenfeld to bring this to my attention.

On 25th May 2018 the DSGVO (GDPR) comes into effect. To that end we
already published updates for BlueOnyx which allow you to configure data
retention and expiry.

German BlueOnyx operators need to pay special attention, though:
=================================================================

By default BlueOnyx keeps 14 days of logfiles in /var/log/.

And we know that German lawmakers are incompetent fuckwits who refrain
from putting exact specifications into law. Instead the applicability
and specifics of each law need to be contested in court.

The DSGVO does not expressly state how long server logfiles *may* be
retained. The *consensus* on that stems from exemplary judicial court
cases.

The case everyone seems to settle on (BGH · Urteil vom 3. Juli 2014 ·
Az. III ZR 391/13 - see: https://openjur.de/u/704445.html) established
that in the circumstances given in *this* court case 7 days of logfile
retention was fine.

It doesn't make 7 days the law, as there might be legitimate exceptions
where longer logfile retention *may* have a legally acceptable basis
like mentioned in § 100 Abs. 1 TKG. But it would require taking such a
case to court (again) to test it for legal conformity. And even then it
would just apply to these exact circumstances. Great, isn't it?

Long story short:
==================

Another set of updates has been published for BlueOnyx 5207R, 5208R and
5209R. With that installed you can specify how long your server logfiles
are kept and can choose a different period than the standard 14 days.

See: "System Settings" / "Data Retention" and then "Server Logfile
Retention".

It's now possible to specify 1-90 days of logfile retention with 14 days
remaining the standard value.

German BlueOnyx operators are encouraged and advised to configure 7 days
logfile retention unless their legal counsel has a better idea than that.

-- 
With best regards

Michael Stauber

More information about the Blueonyx mailing list