by TJ Murphy, @teej_m on Twitter
This article was originally published on Towards Data Science on Jan 18, 2019.
It always starts with an innocent observation. “We get a lot of traffic from Boston,” your boss remarks. You naturally throw out a guess or two and discuss why that might be. Until your boss drops the bomb —
“Can you dig into that?”
Darn it. You walked right into that one.
Now you’re in a predicament. You know Google Analytics has traffic by geographic location, but that’s not gonna cut it. If you want to report on those retention rates, lifetime values, or repeat behaviors by geo, you need something you can query with SQL, something that lives in your data warehouse. But you don’t have anything like that. You know there’s user IP addresses in your log data, you just need to turn them into locations. But Redshift doesn’t have a way to do that.
Reasons For Changes
MaxMind has always been committed to an individual’s right to privacy on the internet. We welcome the burgeoning privacy regulations, such as GDPR and CCPA, for the benefit they can provide to internet citizens. However, these new legislative measures place restrictions that impact our ability to continue distributing our GeoLite2 databases on a public page under the Creative Commons Attribution-ShareAlike 4.0 International License.
We recognize the impact of these changes on the open source community and we do not take these decisions lightly. We want to communicate these changes with transparency and ensure we are balancing your business needs with the privacy needs of individuals.
The California Consumer Privacy Act (CCPA) mandates that businesses honor valid “Do Not Sell” requests from California residents. In this context, complying with a valid request involves MaxMind removing IP addresses from the GeoLite2 data and communicating to GeoLite2 users that the IP addresses in question should (immediately) not be utilized for uses covered under the CCPA. Serving GeoLite2 database downloads on a public page simply does not allow us to communicate and honor valid “Do Not Sell” requests we receive from individuals.
The solution we have chosen is to introduce a new end-user license agreement containing the relevant data processing provisions that both we, as the business providing data, and you, as the third party user of the data, need to comply with applicable data privacy regulations. Additionally, by requiring a MaxMind account and contact information from you, we will be able to communicate all valid “Do Not Sell” requests to you as we receive them.
With this approach, we can continue to offer GeoLite2 databases, without charge, while remaining responsible stewards of data that improves the experience of countless users across the internet.
Earlier this year, we announced our plans to discontinue the GeoLite Legacy databases. As part of sharing that decision with you, we mentioned that we would be removing latitude and longitude coordinates from the GeoLite2 databases in 2019.
After careful consideration, taking into account customer feedback, we have decided against removing latitude and longitude coordinates from the GeoLite2 databases. We are in the process of reviewing coordinates used in all of our GeoLite2 and GeoIP databases to ensure there is no risk of misuse.
Moving forward, we will still be discontinuing the GeoLite Legacy databases and will continue to support open source through our GeoLite2 databases. Please continue to check our blog, Support Center, websites, and our Twitter and LinkedIn accounts for additional updates on our review of GeoLite2 database coordinates.
At MaxMind, “open communication” is one of our core values. We’re listening to you and we take your feedback seriously.
Additional information can also be found in our earlier blog: Discontinuation of the GeoLite Legacy Databases.
GeoLite2 databases are free IP geolocation databases comparable to, but less accurate than, MaxMind’s GeoIP2 databases. Please remember to use the accuracy radius if displaying coordinates on a map.