Remix.run Logo
nickslaughter02 a day ago

Europa, the official web portal of the tech sovereign European Union, will have to change their CDN provider (Amazon's CloudFront).

https://europa.eu

AndroTux a day ago | parent | next [-]

So will https://wero-wallet.eu - you know, the European alternative to VISA/MasterCard.

cesaref a day ago | parent | prev | next [-]

Unless that site collects personal information, it's fine isn't it? This isn't about where stuff is hosted, it's about privacy.

AndroTux a day ago | parent [-]

IPs are personal information afaik

dspillett a day ago | parent | next [-]

That has gone back and forth numerous times over the decades, particularly in legal cases concerning unlicensed content sharing. I think the consensus ATM is that they generally aren't on their own, largely because most network access is through shared NAT arrangements.

At most an IP address (definitely v4, v6 depending on your arrangement) identifies a household or office, not an individual, and “it seems someone hacked the wireless, or one of my smart devices, or a rouge plugin turned me into a residential proxy, etc.” muddies the water further, often an IP address identifies nothing more than which mobile data provider or VPN provider the user was connected through.

As a simple for instance: No one warns when all that is collected is the calling hosts' apparent IP address in their web server or other service logs. Only once entries with record of the address are explicitly linked to other PII (i.e. if URLs contain PII like names, addresses, etc, so those are logged alongside the calling address) is it an issue - and even then the recording of that information in the wrong places is the problem (in the HTTP logs example, what is that data about the user even doing existing in URIs?) not the calling IP address.

buzer 17 hours ago | parent [-]

You are somewhat confusing two distinct concepts. IP addresses are considered to be personal data because they can be linked to single individual and controller is allowed to give this personal data to someone who can do the linking (e.g. police who can then request logs from ISP or NAT connection logs from the company).

Now it doesn't mean it will always link to single individual, but unless controller can be sure that there are always at least 2 people behind the IP and the devices on that side do not keep enough information to ever link IP+timestamp+destination service to single individual, the controller essentially must assume that IP address is personal data.

This is different from civil liabilities. National courts determine what is the threshold for that. For example in Finland the court has ruled that if the owner of the car cannot name the person who parked the then the presumption is that they did it and are responsible for parking contract breach (KKO 2026:24). National courts could end up with similar ruling for civil liability for sharing content, i.e. assumption that the IP owner either is the person who shared it or knows who they did it & if they refuse to name the person then presumption is that they did it.

cesaref a day ago | parent | prev | next [-]

Ah, of course. Interesting.

throwwwll a day ago | parent | prev [-]

Yes, they are

hahahaa a day ago | parent | prev [-]

Can they even use a CDN now?

dgellow a day ago | parent [-]

We have European CDNs

znpy a day ago | parent [-]

BTW I honestly think they could get away with running a few instances of Varnish/Vynil and call it a day.