Bad Behavior and GDPR compliance

  • I am a developer and currently checking out all of the main plugins I use on a site by site basis for GDPR compliance. I understand that bad behavior logs IP addresses which are seen by GDPR as personal information that needs to be protected. Can you tell me if the IP addresses that are logged could belong to humans, or are just bad robots that are stopped from accessing the site. In particular can you elaborate on this paragraph found on your website on the About Bad Behavior page.

    And it stores personally identifying information for a maximum of seven days, (it is usually not stored at all) making it compatible with virtually any corporate or government privacy requirements.

    I need to create Privacy Policies that accurately describe what information is collected, why, and how it is used, where it is stored and for how long.
    Thanks in advance.

Viewing 2 replies - 1 through 2 (of 2 total)

  • Same here, guess I’ll have to disable it for the time being.

    Thread Starter nix255

    (@nix255)

    I have done some further research and discovered that the cookie used by bad behaviour has been deprecated, so it no longer uses the bb2_screener cookie.

    With regards to the possibility of an IP address being logged. I decided that the security offered by the plugin outweighs the possibility of an IP address being logged.

    I have included the following information in the Privacy Policy, although I’d still like some clarification on where the log file (database or file) is stored.

    Lawful basis: Legitimate interests?
    The reason we use this basis: To provide security for our own website.
    We process your information in the following ways: Your IP address may appear in security logs for a brief period.
    Data retention period: 7 days
    What we do with the information we gather
    IP Address and browser information can be used to help keep this website secure and prevent fraud. It is possible that this information may be logged temporarily.
    Security
    The security plugins in use on this website prevent spam robots, and hackers from overloading the website or gaining unauthorised entry. It is possible that on occasion your IP address and browser information may be logged by this system.
    Security plugins in use on this website include:
    Bad Behavior: prevents spam and scrapers from overloading the website. There is a small chance that this plugin will log your IP address and browser information. This is stored in a log file and deleted after 7 days. There is no reason why this information should be processed or be personally identifiable to you.

    This may help you.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Bad Behavior and GDPR compliance’ is closed to new replies.