GDPR and Statistical Analytics

You have many logs, which contain the IP. GDPR is not demanding that do not record IP addresses. You need to document everything. That is the hard work. cPanel Update and you got a new logfile somewhere. So you might have an interest in keeping the amount of saved data as low as possible. That way exposure of data is minimized.

cPanel could start offering some tools or help around removing logfiles and data. And to reduce the amount of data that gets saved. Reducing apache logging accountwise could be done via CustomLogs, which are piped through a script.
E.g. scripts like this Anonip | Swiss Privacy Foundation

IPs could be converted into hashes (quite common option in webanalytics to be able to follow people through webpages without storing IPs longer than needed). You can find such options in Wordpress analytics addons.

GDPR gives people the right, to get an export of all their data saved with you. That is a bit tricky when you got everything cluttered around in many logs and databases. When GDPR is in action and the first court-rulings are done, we might see a consolidation in the reseller space. Or more software designed around handling data in compliance with GDPR.

 

If you think about certain countries with data retention laws, you might are not allowed to delete data for a certain time-span. Every country can overrule parts of GDPR (mostly tax related)

You're correct, that the Stattools offered via cPanel are accessing the logfiles. There is no other source. That makes is easier than using e.g. Google Analytics but IPs are stored. In e.g. Germany there are websites, which log 127.0.0.1 for every webaccess.
This is stated in the data-protection information on these website. Some use thirdparty tools to tweak the storage behavior
github.com/webfactory/mod_log_ipmask

Many wordpress plugins with analytics or security functionality are offering tools to delete or change IP addresses in logfiles since years. Nothing new beside you now have a generic label "GDPR" to make it more easy to find such functions.
Eg. Deleting and shorting IP:
blog.nintechnet.com/ninjafirewall-general-data-protection-regulation-compliance/
E.g Hashing IP:
wp-statistics.com/2017/05/26/settings-page/

The core of wordpress seems to get GDPR functionality as well.
Proposed roadmap: Tools for GDPR compliance

GDPR is not forbidding saving all this stuff. There are reasons to save IPs for longer times.

I would like to see a way, to setup data retention time span and format of logging for every website via cPanel. Just a small step, when you think about all the logs and datastreams. The website seems to be a bigger part with all the external scripts (e.g. Google Analytics is known, but you have the same IP issue with Google Fonts and Google Maps.).

 

Hi, since I think it adds to this discussion, I add it here...

I followed cP's instructions and in WHM set the logging times etc...
but I still wonder about tools like ie. cpHUlk, or the csf firewall or the blacklist ... how long is that IP data stored? Even hackers have in the eyes of Brussels a right of privacy and to be "forgotten"

And do these tools transmit any data from my server, ie. to check with spam blacklist
What about SpamAssassin? Does it transfer personal (ie. IP) data off my server?
Any tool I have not mentioned yet?

Thx a million to you all
Dan

 

HI Lauren, thank you... the logrotation, is that the same I set in WHM (2 tabs with logging)?

Thx a million

Dan

 

excellent thank you...will look into this!!

 

HI, found the next thing I don't know..

in cPanel under Raw Logs, i find many old "
Archived Raw Logs"
am not aware I ever archived them...how can i (auto) remove all ?

Thx

Dan

 

Hi, thx... will try...but I see logs from 2017... can I delete these somehow?

Thx

Dan

 

HI Lauren, thank you... can you hint me to which folder I will have to look for to delete them?
Thx again

Dan

 

Sorry to dig up an older thread, but this comes up 2nd when googling and it's still open. I'm finding the answers here insufficient.

Could a cpanel rep answer this:
"Delete each domain’s access logs after statistics are gathered"
- What's contained in them? Is this the "Raw Access" section in Cpanel for each domain?

"Archive logs in the user's home directory at the end of each stats run unless configured by the user."
- Where do we configure that?

Not related to GDPR, but:

"Include password in the raw log download link in cPanel (via FTP)."
- Erm what, store the password? This can't be good for anyone's security?

 

Okay thanks.

In regards to AWSTATS, does it keep a record of users IP? Need to make sure our logs are cleaned of stuff like that, as I imagine once AWSTATS has done it's thing, it doesn't actually need the log files it uses?

Can't find anything about dealing with the logs for that.