This is a topic I keep revisiting. It's constantly evolving, with new laws in different parts of the world happening pretty often. And also there's a lot of grey area with vague or incomprehensive language that hasn't yet been tested in courts.

I recognize that it's a bit of a niche topic, but I think there are a lot of us at Tildes who have to think about it. After all it potentially impacts anyone maintaining or building a non-platform web presence. It also applies to less obvious things like running an advertising campaign that involves media requested from a server you control (which can therefore potentially log requests).

For my part, I've needed to research laws relating to PII in order to come up with policies and practices in various contexts. In broad strokes it's pretty simple but as you get into details what I continue to find is that there are a lot of conflicting opinions both from professionals and lawyers. A lot of it is still open to interpretation.

I'm wondering what kinds of experience other tildenauts have around data protection and PII? Have you implemented solutions? Do you wonder about it for your own websites? Have you been involved with it at companies where you've worked? Do you have questions about it?