Create your privacy policy Click here to open mobile menu

Does log data count as personal data?

At first glance, website server logs look like jumbled lines of text, but they are a goldmine of user information that should be acknowledged in any website privacy policy statement.

A website server log is a record of website activity, which is automatically generated by your web server provider. Site logs capture information such as:

  • A user’s IP address
  • Geolocation
  • User ID
  • A timestamp of when the recorded activity occurred
  • Browser type
  • Operating system
  • Referrals (the links which directed a user to your website)
  • Pages and files accessed
  • Site errors

Website server logs vs other types of logs

In addition to website server logs, website applications and analytics tracking platforms might also log certain more sophisticated tasks that users perform on a site, as well as changes to account information. This type of logging is similar to website server logging, but can differ on how data is collected and processed.

Take page views, for example. Server logs track all hits to a page, using server-side tracking methods. This means anything the web server recognises as a request gets logged, whether those requests come from real humans, bots, apps or other websites.

On the other hand, analytics software like Google Analytics rely on the visitor’s device to report on the specific type and nature of request they are making. This is known as a ‘client-side’ tracking method, usually assisted by JavaScript and browser cookies. These analytics platforms only count hits from users whose devices allow them to be tracked.

The data reported by each doesn’t always match up and sometimes can vary in accuracy. Some companies and marketers will work with both types of data to paint a clearer picture of website performance and user behaviour. When writing your privacy policy, it makes sense to talk about server logs and site analytics separately, explaining how your business deals with both types of data as transparently as possible.

Log data and privacy

While your website or app server logs might not collect information that could personally identify a user, this information may be combined with other data (such as a username, IP address and user profile information) to do so.

In regions where the EU General Data Protection Regulation (GDPR) privacy laws apply, the IP addresses and location data tracked in website server logs are also considered personal data. Given these privacy regulations, you must disclose what types of log data you collect, how and why you intend to use it, and any third parties you may share it with.

Now that you understand how website logs work, you’ll be better equipped to use this unique source of data while protecting your users’ privacy.

Create your free privacy policy with Getterms.io

Our free and easy-to-use generator can create a privacy policy for your website or app within seconds. Get your free policy now.

Back to Blog Posts