I think EU data protection regulations don't work as you think they do. You can collect personal data to your heart's content, and you can make the collection mandatory. In fact, very often you have to (e.g. if you are opening a bank account you have to collect all kinds of personal data). But you have to provide for a way to remove that data; I think it is similar in the US. Also there are some stringent requirements on how you use the data: protect access to it with a password, store securely, do not share it with others without user consent, and so on.
As long as you are not collecting personal data, or data that can be used to identify you, then there is no need to do any of that. Example of personal data: your name. Example of data that can be used to identify you: your IP address. (Yes, every time you collect IP addresses in your weblogs, you are entering EU data protection territory. Funny, huh?) Example of data that might be used to identify you in some bizarre scenario but nobody cares about: your hardware information, your configuration is probably shared with the other 1000s of people that bought the same machine. And anyway nobody can prove that this particular configuration is only yours.
So remove all unique MAC-like information, anonimize the IP addresses and you are golden.
Disclaimer: IANAL (but I paid good money to a real lawyer to learn about these things). I may misrepresent everything in the little puppet theater inside my head.
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds