I haven't researched it yet, but I've been guessing/wondering that relying on logfile stats like these removes GDPR cookie notification requirements for your site. I should probably finalize my understanding of that one way or the other. :)
It’s important to point out that IP addresses are considered PII, therefore storing them in log files requires to have a data privacy policy for all affected persons.
Ah, I -- a lame USian -- assumed that essentially default apache logging was "OK." I've been wondering what's the maximum you can log without data privacy rearing its head, so I guess it's a little tighter than I thought!
Probably you can since you are not setting up any cookie on user's device. But most likely you are using some web fonts or CDN which might set some cookie. So for modern web application it will be really hard unless you host everything yourself and rely on server logs for any analytics.
You have to be careful though if you are processing API request and capturing personally identifiable information. Your logs also need to be GDPR compliant.
Gdpr and cookie notifications are different things though. You can still run Pikmin or something similar on your own infra, set cookies from it, and be gdpr compliant as long as you don't collect pii. (And comply with other parts)
