top | item 43922483

(no title)

A couple of days ago I was researching website analytics and GDPR/cookie law, and it seems clear that you need user consent even if IP addresses are only processed or temporarily stored before being discarded.

Arguing otherwise is like claiming it’s legal to steal from a store as long as you return the goods the next day - it’s legal fantasy.

I don’t think the EU is eager to go after these “ethical” analytics companies or their users, since they have bigger fish to fry. But if you think you’re legally in the clear using these solutions without user consent, you’re fooling yourself.

discuss

XCSme|9 months ago

The law will change soon as far as I know, but still, the best way to respect data privacy laws is to not send your data to other companies AND to avoid tracking personal and sensitive data as much as possible. If you self-host and don't share the tracked data, you are already doing better than 99% of the companies

dns_snek|9 months ago

> it seems clear that

Can you elaborate?

miragecraft|9 months ago

The logic is simple, as soon as you collected and/or processed IP addresses, you need user consent as it is personal data.

You don’t get to “undo” this requirement by discarding the IP address afterwards, the law doesn’t care.

Others have come to the same conclusion: https://github.com/plausible/analytics/discussions/1963