OVH Community, your new community space.

Logging Laws

06-12-2009, 23:07
Ah right ok, when i looked at it was told that technically speaking you would need said license if you hold *ANY* personal information on people... Infact i think I have a business link info sheet someone telling me so :O

Weird. O well.

06-12-2009, 23:04
No, no. There's no "License". In most cases simply notifying the customer about the data you retain, ie, how it's used, where it's stored, how to delete it, etc. is enough. Some companies may be required to register themselves into a searchable database (that's the fee you mention). Have a look at and answer the questionaire to see if you're required to register as a company.

Funny thing is that just yesterday I filed a 2nd complaint with the ICO (Information Commissioner's Office) about something related. See, all UK companies are required to adhere to the DPA - in fact, all EU companies have to but the UK version is slightly different than the EU mandate. This is also why you have to be careful about where (and how) you store customer data. Preferably you'd simply store it in the UK, EU otherwise, or a US company that is part of the Safe Harbor program (Amazon is, for example). My complaint was for a UK individual, targeting UK customers, but hiding behind a US corporation in order to avoid the DPA and allow him to spam -- whilst the data itself is stored in the UK. So yes, apparently it's darn easy to get around this (and the ICO came back with their tails between their legs, saying they could do nothing - hence my 2nd complaint).


06-12-2009, 22:35
Just to mention, someone mentioned about the Data Protection act.

Most probably don't realise but technically speaking everyone who has even a simple user database should have a Data protection license (costs around 90/yr) and needs a Data controller identified on the license...

Now i would probably say 99.9999999999% of websites and webhosts dont do this... lol

02-12-2009, 07:42
Your best bet is to keep access logs for one calendar month. It wouldn't hurt to keep a copy of all your older access logs at home/backup.

And you must adhere to:
British Law (English, not Scottish or Welsh)
French Law
EU Law

in that order iirc.

01-12-2009, 18:58
Quote Originally Posted by Andy
French laws do not apply if you are an British customer I believe. You adhere to British laws.
I believe it would be a bit of both.

The servers are hosted in France (unless I'm mistaken?), therefore you would have to comply with certain french laws, such as the type of content /service that can be legally hosted.

Additionally, since you are british you have to comply with british laws, even if the servers are 'hosted elsewhere' since in the simplists of terms, you are still conducting business in the UK.

OVH's terms may vary for british customers, to accomidate for certain differences in laws but that would be a bit unusual since the OVH business is french and they only have to comply with french laws in regards to the parts located in france. Ovh may have an office in the uk which is abstract from the main business and is simply that, an office, a point of sales /support?

edit: you may have to keep records, best bet is to contact a legal professional, possibly pay a little fee for a phone conversation and get a list of legal requirements. I know in the uk hosts are supposed to keep a copy of all ingoing and outgoing e-mails or similar.

25-11-2009, 21:39
I think that is primarily for ISPs and proxy owners. That said you can install a proxy on a shared host with ease... but not very easy to track the usage for the hosting provider

25-11-2009, 19:59
I assume your talking about

the only thing in that i could find that might apply is

Web Activity Logs – retention period 4 days. Proxy server logs (date/time, IP address used, URL’s visited, services. The data types here will be restricted solely to Communications Data and exclude content of communication. Web browsing information is retained to the extent that only the host machine or domain name (web site name) is disclosed. For example, within a communication, data identifying would be traffic data, whereas data identifying would be content and not subject to retention.
Is that for ISP's only, people who run proxy servers or people who run web servers?

25-11-2009, 18:29
I'm aware of the Data Protection Act, but that requires you to disclose what kind of personally identifiable data you keep and for what purpose. Not sure if there's a legal requirement to keep logs as a web hosting provider though (ISP perhaps, but that's different - no?)

25-11-2009, 18:06
It probably does but I doubt anyone adheres to it really, lol.

25-11-2009, 17:58
Does UK law have anything similar?

25-11-2009, 17:19
I agree with Andy. T&Cs are drawn up for British law, not French, so we must adhere to those accordingly.

25-11-2009, 16:17
French laws do not apply if you are an British customer I believe. You adhere to British laws.

25-11-2009, 15:08
What are the french laws concerning what data I have to log with a shared hosting server? I remember vaguely someone mentioning this some time ago..