I found a handy site for taking notes, but everything it says about the privacy of this one:

“Anonymous by default, no adverts. We offer a high level of privacy for both writers and readers. You don’t need to create an account to post something. There are no adverts on the entire page and we don’t use any social media scripts. You can rest assured that information about your activity on the site will not be used by advertising companies or social media.”

This is in the “About” section.

There is no information about what information the site collects about the user.

  • Max-P@lemmy.max-p.me
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    That’s what we’ve been taught at work, and also my general understanding of it.

    You don’t need a policy or a banner if you don’t need to inform and gather consent from the user. It’s just that nearly everyone does, so nearly everyone needs one. And big companies can’t even begin to imagine one would not collect any data at all. So Google and Apple both require a policy to publish an app, even if it just says “we don’t collect anything”.

    It may reassure users however to be explicit that you don’t collect anything, since now people assume the worst about everyone, especially when there’s some form of company involved.

    But if your site is just static HTML, there’s no user accounts and you don’t collect any statistics and have server logs turned off, you’re not collecting or processing any personal data. So you’re good. You can’t be sued for processing data you don’t have.

    Companies also tend to prefer to side with caution: you’re better off doing more than is strictly required than risk a lawsuit. The GDPR is pretty vague, so you might as well have one to cover your ass.

    • 𝘋𝘪𝘳𝘬
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      IP addresses are seen as personal data. So if you’re a sane person who does logging and analyzes the result, you need a privacy policy.

      If you embed external fonts/scripts/images/etc. you also need one.

      • CallumWells
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Are they? I would have thought that the IP address of someone accessing a site is public information.

        • 𝘋𝘪𝘳𝘬
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          1 year ago

          IP addresses are considered personal data.

          The data subjects are identifiable if they can be directly or indirectly identified, especially by reference to an identifier […]. Since the definition includes “any information,” one must assume that the term “personal data” should be as broadly interpreted as possible. This is also suggested in case law of the European Court of Justice, which also considers less explicit information, [such as] IP addresses.

          https://gdpr-info.eu/issues/personal-data/

          The whole article is a great read, btw.

          “Personal data” (and thus the protection of it and how organizations servicing EU citizens have to handle them) is much, much, much, more than just your name.

          • CallumWells
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I kinda think that the IP address is public information when you go to a site still. Since it’s needed to get data back to you and you’re requesting to get data back. But maybe I’m just a bit too old and stuck in the thinking of the phone book and such.