this post was submitted on 08 Nov 2023
571 points (98.6% liked)
Technology
58137 readers
5011 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Wow, so basically blacklisting email sender's on ip address isn't allowed either? When is an IP address, an individual and when is it just a machine in the cloud?
You can. After all the GDPR does not forbid you to not accept to talk to someone.
I'm not sure that helps much. Blacklisting senders based on their IP is much more commonly (and effectively) done on intermediary servers rather than on the client.
What matters is the association of the IP to a person or account. If you receive spam and block the source IP it's not personal data. If you create an account on a website and they store your IP to it then it is.
Handling IPs for necessary technical service protection can also be acceptable without explicit consent as long as it's limited/temporary (you may be able to handle that without account association in the first place anyway).
GDPR does NOT prohibit storing any information indefinitely if it is required for proper functioning of the service. If the service bans you by IP, they need your IP indefinitely to function properly and GDPR doesn't apply. Just like you can't remove yourself from a creditor black list, and it will have a lot more personal information than just an IP address.