GDPR doesn’t say you can never use any form of user data. It says a lot about what data is considered personal, what kind of disclosure and consent you need to setup first (mostly terms of service stuff), how you can store that data, how you can use it, and what responsibilities you have to remove or produce that data on demand. Until you’ve implemented GDPR it can be hard to understand what it is. But it’s not a super bonus +1 magic shield for all information.
Ragerist@lemmy.world 1 year ago
Wouldn’t Netflix’s password sharing fall under the same law then?
They use user information like connected wifi and position data to determine if a device is used away from the defined “home”.
scarabic@lemmy.world 11 months ago
Khanzarate@lemmy.world 1 year ago
No.
Netflix logging your IP is the equivalent of taking a photo of someone in public. Not ideal if you’re into privacy, but it’s a public place, so it’s your problem. YouTube’s Adblock detection is equivalent to patting them down to see if they have a weapon and requiring their ID. The software actively looks for changes, using technology that could detect what extensions you have installed, gather data to profile you better for ads, and monitor what you’re doing in your browser while the tab is open.
Both are ultimately for the same purpose, to prevent people from avoiding to pay them, but methods matter.
iamtherealwalrus@lemmy.world 1 year ago
Incorrect. gdpr.eu/eu-gdpr-personal-data/ states IP addresses are personal data.
speaker_hat@lemmy.one 1 year ago
What’s the email of the privacy committee again?
MrOxiMoron@lemmy.world 1 year ago
Wow, so basically blacklisting email sender’s on ip address isn’t allowed either? When is an IP address, an individual and when is it just a machine in the cloud?
gian@lemmy.grys.it 1 year ago
You can. After all the GDPR does not forbid you to not accept to talk to someone.
Aux@lemmy.world 1 year ago
GDPR does NOT prohibit storing any information indefinitely if it is required for proper functioning of the service. If the service bans you by IP, they need your IP indefinitely to function properly and GDPR doesn’t apply. Just like you can’t remove yourself from a creditor black list, and it will have a lot more personal information than just an IP address.
Kissaki@feddit.de 1 year ago
What matters is the association of the IP to a person or account. If you receive spam and block the source IP it’s not personal data. If you create an account on a website and they store your IP to it then it is.
Handling them for necessary technical service protection can also be acceptable without explicit consent as long as it’s limited/temporary (you may be able to handle that without account association in the first place anyway).