We store the email addresses of our members and registered users in order to stay in touch, and to recognise you when you log in. Beyond that, there is an ongoing and increasingly urgent debate about how personal data is being treated by web-service providers in Europe, and more generally by providers who offer services to persons residing in Europe. When we use the term ‘personal data’ here, we refer to data that can be used to identify, locate, or profile a specific person.

Why does this matter? A brief history of GDPR

In 2018, the European Union introduced regulation to ensure that we can remain anonymous to the largest possible extent when we navigate the web. The General Data Protection Regulation (GDPR) made it unlawful to store personally identifying data — such as identifiable IP addresses — by default.

Was this piece of legislation introduced because of some European countries‘ recent experience with totalitarian state policies? Prior to 1990, many Europeans lived under regimes that sought to monitor and control their lives to degree that people in places like Western Europe and the United States had not experienced. There was, accordingly, broad consensus among Europeans that safeguards had to be established against such surveillance and control in the future. That conviction grew stronger as new, mass-distributed digital technologies gained a foothold among ordinary consumers — here was an instrument that could enable states, corporations, and other non-state actors to monitor our movements, desires, and most private moments with unprecendented intimacy. Those with first-hand experience of mass surveillance and the totalitarian impulses of those who wielded power saw the danger clearly; this was a technology that had to be regulated and kept on a leash.

From the beginning there was tension over how US-based digital platform companies should operate in Europe to comply with GDPR. In recent years this has escalated into a sustained legal confrontation, with regulators pressing for substantial fines against companies such as Meta, Alphabet, and Amazon for their use of excessively personal data. When a platform collects data that could identify your street address, phone number, age, gender, and consumer preferences — and then uses that data to sell consumers to advertisers, this is clearly in breach of GDPR's principle of data minimisation, which prohibits collection beyond what is strictly necessary for a stated purpose. Cross-service data sharing (e.g., Meta using social media data for ad targeting) equally violates GDPR's purpose limitation principle.

In response, the major platform corporations and their lobbyists have aligned themselves with politicians willing to weaken GDPR's provisions — framing the regulation, with some persistence, as a threat to innovation and a form of disguised protectionism. The counter-argument — that these are simply powerful American corporations seeking unimpeded access to the personal data of European citizens — has not gone away. This dispute has since moved from the courts to the diplomatic level, where GDPR has become a proxy for a larger contest: between a transactional view of the digital space as an open market, and European attempts to assert some measure of autonomy in the face of overwhelming platform-capital concentration.

But, what is the GDPR, and how does it affect the operations of the Ereignis Center for Philosophy and the Arts?

GDPR draws a clear line between data we may collect and data we may not. Here is what we are allowed to collect:

1. We may register a partial IP address — that is, with enough bytes removed that it cannot identify you on a personal level. This tells us roughly which country a visit comes from and which pages were viewed. We learn nothing about you personally.
2. We may store personally identifying data where you have given explicit, informed consent. Our data storage policy page explains our compliance in full.
3. When you create an account you actively consent to our terms of use by ticking a consent box. This allows us to log the time of your visits alongside any information you have chosen to store in your profile — your name, affiliation, bio, and so on. The only information we require is your email address, the bare minimum to be able to maintain your account. Whatever you share with remains your property — you can update or remove it at any time from your Settings page. (If you prefer additional anonymity, it is straightforward to register with a privacy-focused address from a provider such as Proton Mail, or to use email aliasing. Further security is possible with Virtual Private Networks (VPN).)

What obligations does GDPR place on providers of web-services, such as the Ereignis Center for Philosophy and the Arts?

1. Visitor data must be minimised and anonymised.
2. Visitors must give explicit, informed consent before any cookies are stored on their browser. We use a cookie banner for this purpose; our Cookies page provides full details.
3. You own your data. This means you have the right to access, correct, and delete any information we hold about you. You can exercise these rights via your Settings page, and the relevant provisions are set out in full on our Policy pages.

Is it important to enable anonymous use of internet services today?

The notoriously totalitarian regimes of the Cold War era are now largely a part of the historical record, but the conditions that made GDPR necessary have not disappeared. You may be an activist, a researcher working on sensitive topics, or simply someone who lives in or travels through a country where surveillance remains a relevant concern. The 2026 Varieties of Democracy (V-Dem) report from the University of Gothenburg found that “the world has never before seen as many countries autocratizing at the same time as during the last few years” (source). 41% of the world population — around 3.4 billion people — now live in autocratizing countries. In this context, we believe it matters that the Ereignis Centre contributes to a culture of protection rather than exposure.

Beyond legal compliance, this is also a matter of basic courtesy. Your preferences and private details belong to you. Our users decide for themselves what they want to share.

Finally, does not our ethical obligation to our neighbour command that we treat our visitors as something else and other than objects reducible to metrics; if we accept a neighbour approaching us as the traumatic kernel of our existence, should we seek to allow the opaque Real of the other to enter into our world?