search

Bastian / bStats

bStats collects data for plugin authors. It's free and easy to use!
https://bstats.org/
MIT License
153 stars 33 forks source link

GDPR? #72

Closed ryantheleach closed 6 years ago

ryantheleach commented 6 years ago

I notice this hasn't been posted anywhere as an issue, but GDPR?

How does bStats operate under / enforce the GDPR?

MiniDigger commented 6 years ago

have you bothered reading the privacy policy before opening this? do you see any issue in the privacy policy?

Bastian commented 6 years ago

Hey, First of all: I'm not a lawyer, so I might be wrong with anything I'm going to say. If someone has more knowledge about this topic than me, I would be happy to be corrected.

About the GDPR: This shouldn't affect bStats for a very simple reason: bStats doesn't store/collect/process any personal data. To quote from your link:

The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.

  1. All stats from bStats are not collected from a "normal" person's computer, but from servers. I'm not sure how much this matters, but the next point is more important anyway
  2. The collected data does not allow it to identify a particular person. Common collected stats like player-amount, OS, Core-Count etc. are too general to be considered "personal data"
  3. This non-personal data is additionally also stored completely anonymous. My database just contains the information you can see on the website. There's for example just Plugin x has y servers and z players. Stuff like Server x has y players and z CPU-Cores and uses Linux isn't even stored.

Where you must be careful tho, is when you create custom charts. For example you could theoretically create a pie chart, which just contains all IP-adresses from players or servers using your plugin. This would be against the GDPR without informing your users properly. But this is out of my scope and up to you. On the other hand, I would delete plugins with such charts anyway.

About the privacy policy on the website: This is a general template for all kinds of websites which just covers more aspects than necessary to be on the safe side. If you read it, it probably sounds like bStats is an online shop. ;) You can read it if you want to, but it contains a lot of stuff which isn't even important for bStats. German laws are pretty strict, so I'm not going to edit/rewrite it, as it's very easy to get something wrong. I'm also not willing to pay a lawyer to write a custom one.

You can find the used generator here: https://www.muster-vorlagen.net (German website)

MiniDigger commented 6 years ago

That particular page seems to be under construction for an update to gdpr (well the German implementation dsgvo), so I would prolly just check back in a week or smth and see what changed.