1

My use case is very simple. I have a website, on which I have articles that I wrote. It behooves me to learn about the people who visit my site so that I know what articles are popular and why, mainly. I want to record the following:

  1. time/date of visit
  2. what browser they used, and what OS
  3. what their ISP is (or other type of host), which seems hard to determine so usually I don't have this info.
  4. what webpage they visited.

Noticed I do not record:

  • IP address
  • GPS coordinates (no drone strike possible)
  • any username or password
  • the person's name, because I don't know it

And there are no cookies.

Does the GDPR allow this limited recording?

ndk
  • 111
  • 1

2 Answers2

1

Feel free to record what you are about to, and even feel free to add IP addresses and GPS coordinates without even letting visitors know. You have these 2 defenses:

  1. You are not offering goods or services to your visitors (like if you were charging subscription fees to access your articles), therefore your site falls under Recital 18 — Not applicable to personal or household activities;
  2. You are not able to identify the real persons behind the data you record at reasonable time and costs, therefore it is not personal data (Recital 26 — Not applicable to anonymous data).
Greendrake
  • 28,487
  • 5
  • 71
  • 135
1

Feel free to record the personal data you mention (in general the GDPR does limit your ability to record personal data - the GDPR only tell you what you must do if you collect personal data. I.e. you don't need any "defenses" in order to legally do this.

However, I do not think you are exempt from the GDPR if you collect the personal data you list about the people who visit your website.

Whether a personal website is covered by "personal use exemption" or whether a IP-address is personal data is currently contested in answers to other questions on Law stack exchange. See, for instance Are server-logs reckoned as storing of personal data by website?.

I think you should read the linked, and related, Q&As, and the make up your own mind about whether you have to comply with the GDPR if you record this personal data.

Free Radical
  • 3,322
  • 16
  • 28