andrieslouw
commented
1 year ago I will need to check this, the project has no company affiliated, so I'm unsure who should sign such an DPA.
I also need to check if legally IP addresses are still considered personal information, and check how others are handling this. I know of a case in Germany, where the (local) court ruled that this is not considered personal info: https://www.theregister.com/2008/10/15/ip_address_personal_data_ruling/
We could consider moving all servers to German jurisdiction if this is the case, but I'm unsure how it affects GDPR legislation in the rest of the EU.
Maybe it's easier to drop IP addresses from logs, but it's one of the few ways we can combat abuse.
In the meantime, please prevent any issues by hosting the source code yourself; in this way you're in full control of everything.
apripy
Hi there,
My company uses the images.weserve.nl service to rescale some images for our users. Since the user's devices connect to images.weserv.nl, this means that some personal data from our users (their IP address) is sent to weserv where it is (according to your privacy policy) stored for 7 days.
According to our Data Protection Officer, this means that we need a Data Processing Agreement between my company and weserv in order to be compliant with data protection laws.
Would something like this be possible? From what the DPO said, this would be a requirement for you to be able to provide your service to companies in the EU.
Thank you.