dc-ml at dvl.werbittewas.de
2022-Jan-05 13:41 UTC
GDPR/sender-ip (was: make received-header on submission optional or at least drop the ip in it)
Am 04.01.22 um 08:39 schrieb Aki Tuomi:> We'll take a look at your patch. Can you please point out to some legal information about the Received header's GDPR incompliance, I would be interested to see it.thanks for doing so. the GDPR says about personal data: - that only really needed data has to be stored - that this data has to be used only for that declared needs - that any other usage has to be prevented, especially by third-parties the EuGH has judged in 2016 (Patrick Breyer vs. Germany, C-582/14), that an IP-addresses can be personal data, because the person may be identified via this IP, so they have to be handled as such. http://curia.europa.eu/juris/documents.jsf?num=C-582/14 therefore the possibility, that others may for example see when a person was at a place (connected to an IP) has to be prevented at least in europe. if such information is published for people with high email-activity, then it would be possible for everyone, who has access to this email (which might be really everyone on earth for example in archived mailing-lists) to track these people over the whole time. for security-reasons we're logging any submission-request together with the origin-IP in our logs for at least seven days. so any mis-use of our service may be prosecuted even without storing this information in every email. In germany some courts judged, that if the police asks us for the IP, we've to store the log-entry at least as long, as a court needs to judge, that we have to give it to the police. (I think this is a reasonable balance between protection of personal data and legitimate public interest) if there are further questions to this topic I'll try to reply, but you should know, that my english isn't that good, especially to explain juridicial things... regards d.
John Fawcett
2022-Jan-05 16:39 UTC
GDPR/sender-ip (was: make received-header on submission optional or at least drop the ip in it)
On 05/01/2022 14:41, dc-ml at dvl.werbittewas.de wrote:> > Am 04.01.22 um 08:39 schrieb Aki Tuomi: > >> We'll take a look at your patch. Can you please point out to some legal information about the Received header's GDPR incompliance, I would be interested to see it. > thanks for doing so. > > > the GDPR says about personal data: > - that only really needed data has to be stored > - that this data has to be used only for that declared needs > - that any other usage has to be prevented, especially by third-parties > > the EuGH has judged in 2016 (Patrick Breyer vs. Germany, C-582/14), that > an IP-addresses can be personal data, because the person may be > identified via this IP, so they have to be handled as such. > > http://curia.europa.eu/juris/documents.jsf?num=C-582/14 > > therefore the possibility, that others may for example see when a person > was at a place (connected to an IP) has to be prevented at least in europe. > > if such information is published for people with high email-activity, > then it would be possible for everyone, who has access to this email > (which might be really everyone on earth for example in archived > mailing-lists) to track these people over the whole time. > > > for security-reasons we're logging any submission-request together with > the origin-IP in our logs for at least seven days. so any mis-use of our > service may be prosecuted even without storing this information in every > email. In germany some courts judged, that if the police asks us for the > IP, we've to store the log-entry at least as long, as a court needs to > judge, that we have to give it to the police. > (I think this is a reasonable balance between protection of personal > data and legitimate public interest) > > if there are further questions to this topic I'll try to reply, but you > should know, that my english isn't that good, especially to explain > juridicial things... > > > regards > > > d.Hi the safest non technical approach is to request that your users consent to the processing of the data. The dynamic ip address is however personal data in a very limited sense ( i.e. where the service provider can link the dynamic ip address to other information that then identifies the individual). Where people are sending email to public mailing lists, there is no presumption of privacy. John