I like data. That is why I add a standalone PHP script which logs all relevant HTTP variables like:

  • Date of visit
  • IP
  • User-agent
  • Request URI
  • Referer

Am I allowed to store all this in non-public text files?
Am I allowed to evaluate the data?

What am I allowed to do with the log files?
Do I have to delete them after some time?

Additional info:

I'm living in Austria :)

+3  A: 

In some jurisdictions you are obliged to delete it after some time. For example in Luxembourg you may only keep it for 6 months.

In some jurisdictions you are not allowed to disclose this data to other users since it is considered personal information.

In some jurisdictions like Germany you have to state precisely what kind of data you're gathering and what you intend to do with it. Then you have to stick to what you declared.

Developer Art
Correct. What you can do depends on the local laws.
Gert G
+1  A: 

In the US:

Are you doing this for your employer?
If yes, you need to consult them for their retention policy, etc.

If you are doing it for personal purposes, you are free to log away!

Keep in mind that for e-Discovery you actually may be obliged to keep the logs for longer if it ever comes up in court.

That is, the precedent has been set that if a user accuses you of something, and you don't have the logs to disprove it, you can be found guilty on the grounds that it probably happened.

John Gietzen
*"If you are doing it for personal purposes, you are free to log away!"* This is unsound advice in some legal jurisdictions; e.g. Switzerland, according to Wikipedia.
Stephen C
@Stephen He said "In the US:".
Jake Petroules
@Jake - only after he edited it. Besides, the OP is not in the US.
Stephen C
@Stephen: The OP only specified that he was NOT in the US with an edit...
John Gietzen
+1  A: 

I'm not sure what the legalities are on this; however, the data you're storing is no different from what Google Analytics stores. So it might be easier to search for the legalities of using such a service.

Another thing to take note of is not just your location, but the location of the server where the logs are stored.

Audioillity
+1  A: 

In the time and age of Google, where data is not considered "yours" once it is collected by an external entity, it's nice to know someone still respects the end users' privacy, even of anonymous users.

I would definitely let your users know about the possible privacy issues they might encounter as a result of visiting the site. I like W3Schools' privacy policy. It sounds like they do exactly what you would be doing with the information.

amphetamachine
A: 

Since you're in Austria, you might want to read about the upcoming implementation of the EU's Data Retention Directive.

Gert G