So, this weekend, I randomly ended up looking at the members
table in one of my Ghost instances and found an interesting column named geolocation
:
Now, this is obviously used to display the location of a member in the members overview in the Admin.
I was a bit surprised of the amount of information that’s in here. IP address, (supposed) coordinates, name of the ISP (“organization_name”).
Now, storing IP addresses technically is collection of personal data under GDPR (and many other privacy regulations). So…problematic.
I get why it’s done. I personally don’t like it. Especially since this is not documented anywhere and most people using Ghost won’t even know it’s happening.
My wish: let’s make this an explicit opt-in. Potentially when setting up a newsletter. That way, it’s clear that Ghost is storing IP addresses and as webmasters we can choose whether we want that or not.