GDPR compliance: IP addresses are stored indefinitely
Foorack opened this issue ยท 3 comments
Issue
We do have an interested in being alerted of users with the same IP as a banned player, which is why we have logIps
true. However, it stores players IPs in bm_player_history
indefinitely with no easy way of purging older entries (older than X days).
Suggsetion
Add a cleanUp
configuration for logged (but not necessarily banned) IP. If there already exists one then I'm sorry but I couldn't find it.
Information
Our bm_player_history
table has ~2,141,887 entries. ๐ถ
Current cleanUp options:
# Keep records for number of days, use 0 to never delete
cleanUp:
kicks: 30
banRecords: 0
ipBanRecords: 0
ipMuteRecords: 0
muteRecords: 0
readWarnings: 0
unreadWarnings: 0
The primary interest of the bm_players_history
table is mainly the vast amount of data it holds. We don't have a reason to store the IP-address of a player who joined on our servers 5 years ago and never again since. I didn't know bm_players
also stored the IP-address of players, and it would also be of interest to clear that as well if it is too old. Is this table only for players with punishment-history of for everyone?
Would it be possible to wipe a player from the database if a configurable X amount of days have passed since they last logged in (by the bm_players lastSeen) - and - if they have no previous punishments? ๐ค
The right to be forgotten only applies if the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; and/or there are no overriding legitimate grounds for processing.
The GDPR is only against storing information about everyone, forever. It is perfectly fine to store minimum required information to ensure system-operational capabilities (i.e in this case maintaining a ban system (list of IP's) ) as long as is required. ๐
That would cover the history table, however, what about the players
table (bm_players) which stores the last known IP? The issue with that is BM presumes a player always has an ip address on record. Would replacing that with 127.0.0.1
suffice? Or is that not necessary? The alternative of wiping the player from the table wouldn't be wise as it's required as a reference to past punishments.
As an aside, this doesn't necessarily have to be actioned by the plugin, you could set up a cron job deletes any old ip addresses or use MySQL's event scheduler.