03 May 18 00:16, Michiel van der Vlist wrote to Markus Reschke:
MR>> Any node running binkd has lots of IP addresses in the log file.
MvdV> Yes. But those aren't third party data. Those are the IP numbers of MvdV> nodes that have called my system and those that my system has MvdV> called. How is that different from the list of numbers collected in MvdV> my mobile phone?
I think it is different because you use your phone in a more private way (usually only you communicate with it). Furthermore, there is probably technical and/or legal requirement to transfer the number of the mobile caller. However, in the end you may be required to prune your phone log on a regular basis, too. IMHO you definitely are required to delete your binkd log data after a few weeks. The only reason to keep it is something like "make debugging possible and ensure the proper function of the service", and that reasoning goes away after a few days (same for any other provider of telecom services).
MR>> But this is only a small part of the personal data we collect and MR>> process. Who is responsible for the proper documentation required by MR>> the GDPR? Each node for his system or the NC/RC/ZC for all nodes in MR>> his net/region/zone? Presumably the latter.
MvdV> I don't know, but I don't think anyone can be responsble for what MvdV> he/she does not control.
I wouldn't buy into that too easily. We have a hierarchical structure that allows people in "higher up" positions to ask other further down the road to comply to certain rules. We do so for ages with stuff that is written in our policies.