[BlueOnyx:22108] Re: Attn. German BlueOnyx users: DSGVO update (again!)

Ken Hohhof khohhof at kwom.com
Thu May 24 20:37:32 -05 2018 

If website logfiles are to be purged after 7 or 14 days, are you allowed to keep website analytics as long as they are anonymous, i.e. divorced from visitor identification like IP addresses?  I'm talking about counts of pageviews and unique visitors, top referrers and entry pages, browsers, etc.

(Still not sure why an IP address is considered personal or private information.)

 
-----Original Message-----
From: Blueonyx <blueonyx-bounces at mail.blueonyx.it> On Behalf Of Michael Stauber
Sent: Thursday, May 24, 2018 6:35 PM
To: BlueOnyx General Mailing List <blueonyx at mail.blueonyx.it>
Subject: [BlueOnyx:22107] Attn. German BlueOnyx users: DSGVO update (again!)

Hi all,

First of all I'd like to thank Dirk Estenfeld to bring this to my attention.

On 25th May 2018 the DSGVO (GDPR) comes into effect. To that end we already published updates for BlueOnyx which allow you to configure data retention and expiry.

German BlueOnyx operators need to pay special attention, though:
=================================================================

By default BlueOnyx keeps 14 days of logfiles in /var/log/.

And we know that German lawmakers are incompetent fuckwits who refrain from putting exact specifications into law. Instead the applicability and specifics of each law need to be contested in court.

The DSGVO does not expressly state how long server logfiles *may* be retained. The *consensus* on that stems from exemplary judicial court cases.

The case everyone seems to settle on (BGH · Urteil vom 3. Juli 2014 · Az. III ZR 391/13 - see: https://openjur.de/u/704445.html) established that in the circumstances given in *this* court case 7 days of logfile retention was fine.

It doesn't make 7 days the law, as there might be legitimate exceptions where longer logfile retention *may* have a legally acceptable basis like mentioned in § 100 Abs. 1 TKG. But it would require taking such a case to court (again) to test it for legal conformity. And even then it would just apply to these exact circumstances. Great, isn't it?

Long story short:
==================

Another set of updates has been published for BlueOnyx 5207R, 5208R and 5209R. With that installed you can specify how long your server logfiles are kept and can choose a different period than the standard 14 days.

See: "System Settings" / "Data Retention" and then "Server Logfile Retention".

It's now possible to specify 1-90 days of logfile retention with 14 days remaining the standard value.

German BlueOnyx operators are encouraged and advised to configure 7 days logfile retention unless their legal counsel has a better idea than that.

--
With best regards

Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

More information about the Blueonyx mailing list