Topic on Extension talk:CheckUser/Archive 2

Compliance with European Union legislation ?

3
Nanash (talkcontribs)

In all European Union countries, automatic IP storing is subject to the RGPD. And can therefore only be carried out after explicit consent has been obtained from each user. Cf website of European commission.

Does this extension meet these conditions ?

Dreamy Jazz (talkcontribs)

To caveat this answer: I am not a lawyer. This answer if my personal understanding of this as a developer who only vaguely understands GDPR. I would suggest that if you need a concrete answer that you consult lawyers familiar with GDPR.


My personal opinion:

  • This is used on Wikimedia Foundation wikis (which includes Wikipedia) and therefore probably meets these requirements as lawyers for the foundation will have checked the requirements.
  • The data is only collected and then stored when the user performs an action that they should have to affirmatively perform (for example, making an edit). When this is done, the user is presented with text along the lines of By publishing changes, you agree to our Terms of Use. In this document is contained the information about the collection of IP addresses for abuse mitigation.

As such I would suggest that this extension meets the requirements as long as your wiki has a privacy policy / terms of use that a user is presented with when trying to edit. However, as I've said above, this is my opinion only and may be completely wrong.

Hopefully my comment is helpful.

Nanash (talkcontribs)

The fact that Wikifoundation is doing it is no guarantee of legality. Lots of "big websites" are in breach of the RGPD without worry as long as a legal complaint isn't lodged.

But yes, I suppose putting a clear warning in the "Term of Use" at account creation and editing should be ok.

Reply to "Compliance with European Union legislation ?"