Data Processing Agreement (GDPR) and guard and middle relays


Regarding running a guard and middle relay: does the legislative demand that GDPR stipulates and the Data Processing Agreement applies to it?

Inquiry from my VPS provider if i processing personal data.



Yes all relays process personal data within the context of the GDPR. Your guard relay processes the data subject’s (in this case the user of your guard relay) IP address. And the encrypted traffic also can be considered personal data (anything that can be decrypted counts as “pseudonymous” and not “anonymous”).

If you are the data controller (which you should be if you run Tor relays) and your VPS provider is your data processor, then your VPS provider (and you) indeed needs a Data Processing Agreement.


This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.