Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That would explicitly not be in line with the GDPR. Specifically, it would break 5.1(b) - purpose limitation.

> collected for specified, explicit and legitimate purposes



Data about logged in sessions is generally stored for security purposes.

If a malicious person had access to your account you want to know for how long they had that access for example.


Sure, that seems like it’d be a legitimate purpose, my comment was more a response to this.

> Store it because nobody knows what to do with it?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: