Hey Thank you for reading through. I have a few questions about GDPR.
But first to me: Hey, I'm IPEXA (Nico) and I want to open a Minecraft network. Now I don't want to go wrong from a legal point of view. Now I have researched myself and still no correct and relatively sure answer.
When entering a Minecraft server, the IP is saved.
Now you can say ok, you can "find" someone with it. But now I have my arguments:
Google says that phone number, address, appearance and credit card data count as personal data.
Then I specifically looked again for the topic of IP and found that
it only counts as person-related data if a website operator has legal means to identify the person through additional information.
Now I'm no longer talking about a website operator, but a Minecraft server! And there are a few questions for me:
1: The IP address does not count as personal data if I can't identify it from the IP and the other data?
2: Does a Minecraft server require a data protection declaration?
3: Is the data protection declaration voluntary for MC Server?
4: Even if I don't have any personal data, do I have to inform people what data is being saved and what it is being used for?
I hope the text wasn't too complicated. You can probably recommend a book where you can read something or something. Or a website where you can create a privacy policy for your MC server. Thanks for reading through! Stay healthy and have a nice day! I look forward to the answers!
https://wwwschutz.de/blog/urteil-ip-adressen-sind-personenbezogene-daten/
→ Data protection declaration necessary.
And is that also the case for Minecraft servers?
I do not understand the question.
The website was mostly about websites. That's why I asked myself whether this also applies to MC Server!
The BGH judgment is linked there. This makes it clear that IP addresses are personal data. With that everything is answered.
Thanks
The big question is: do you do this commercially or privately? If private, then you don't have to worry so much, see https://www.ldi.nrw.de/mainmenu_Datenschutz/Inhalt/FAQ/Datenschutzrechtbeachten.php#:~:text=Grunds%C3%A4tzlich%20m%C3%BCssen%20auch%20Privatpersonen%2C%20die,oder%20nutzen%20die%20Datenschutzgrundverordnung%20beachten.&text=wirtschaftlichen%20T%C3%A4tigkeit%20vorliegt%20oder%20wenn%20personenbezogene%20Daten%20im%20Internet%20ver%C3%B6ffentlicht%20werden.
But if you now earn money with it and you are responsible for data processing, you have to do a lot more than consider the IP addresses.
I don't really want to earn any money with the server. Actually, this is supposed to be a fun project. It should be a public project where everyone of the MC can play on it. But at the moment I didn't intend to make any money with it. Maybe at some point. You seem to be a data protection auditor, can I possibly be helped a little more and what does a data protection declaration cost for my application?
No. I have already answered in detail here
The IP address is personal as it can be assigned by the ISP.
The GDPR does not apply to private individuals.
For commercial use etc. You have to consider many other things. (Imprint, data protection declaration, etc.)
Did I understand correctly: As long as I don't earn any money with my server, I don't have to make a privacy policy?
LG and thank you very much
It doesn't have much to do with sales. Clubs, for example, usually don't earn any money and need a privacy policy. In your case, however, I assume that you will not need one.
Ok, why do you assume that I don't need one? So I would be interested
Hey @katzebiggi! Thank you for the text. Now, even if plugins save data and so on, do I not need a privacy policy because I don't have a website and I don't sell anything? I'm pretty insecure and I'm sorry because I've seen so many different answers to good questions here.
The text is completely wrong. IP is personal - that was controversial, decided the BGH.
And the GDPR always works precisely when personal data is processed. Whether this is done by a health insurance company, an employer, a website or an MC server is completely irrelevant. And it is particularly irrelevant whether this is done for commercial or non-commercial purposes - the GDPR only speaks of procedures and reasons for data processing.
I don't really care. Feel free to selectively pick out the wrong answers and then just do nothing. Not my problem.
Anyone who gives such information has to prove it for a Minecraft server without a website. Yes, an IP is part of personal data, but you can't understand anything with that alone. A GDPR is primarily aimed at shops, forums, etc., where personal data such as name, address, password, and possibly credit card details are stored.
Please inform yourself before such nonsensical statements.
On the contrary - in the entire text of the GDPR there's absolutely nothing in the direction of "aimed at shops". This is just plain nonsense.
And if so, then you have to prove some nonsense.
But I don't have to contradict you - you do that yourself with each of your meaningless sentences, e.g. "Yes, IP is personal - but with that alone blablub". Find the mistake… But your private layman's interpretation is probably more relevant than a BGH basic judgment.
Plugins only save the IP and the player name. Nothing else. This is data that is required for the game and is not covered by the GDPR. Try to create a GDPR with a genearator, because you will quickly notice that you can't provide any correct information for a Minecraft server. And if the information here is too confusing for you, then ask a lawyer.
Here you can only pass on your own experiences that are not legal information.
Well then don't worry so much. If you absolutely want to include a data protection declaration, then google "swing data protection declaration", which is very good. However, I'm not familiar with MC servers, what is stored and transferred there. But if the whole thing takes place in the private sphere, you should be safe.
Ok, it might sound stupid to you, but the server is public and not private? Or do I understand something wrong.
The IP is a personal data. See BGH judgment.
In order to be allowed to save them at all, an occasion is required. Sure, of course there's one here.
Nevertheless, a data protection declaration is of course necessary. Because personal data is processed. Just read it, comes right at the beginning in the GDPR.
And to conclude from the fact that a DS explanation generator for websites for an MC server does not fit - oh wonder - that it does not need an explanation is so obviously nonsense that I thank you for it. It shows again impressively your complete ignorance.
But at least you write what our questioner would like to hear here. That's why he's happy…
Exactly, that's why I have been self-employed for 16 years, have had a public server for 7 years and sell ranks, for the McServer no GDPR and my lawyer is an A… Hole… All right…
Your sworn does nothing to change the legal situation, which is quite clear.
Your luck is simply that violating the GDPR does not violate competition law. So we're spared the delusion of warnings from warning associations and pseudo-competitors. Nevertheless, it remains a violation.
Private = private purposes. Private purposes can also be publicly available. You do it for you and your friends, so don't worry too much about GDPR.