The abuse filter has some serious problems with logging of personal information, what to log and why. There are also the problems associated with the use of such a log, and who has access to it. In some jurisdictions it may be legal to log and use such information for arbitrary actions against the users but that is not generally the case. In Norway it is legal to log such actions for the administration of the system, but as soon as it is used for actions against the users it would need a license (konsesjon) to handle such information. Note that WMF may choose to neglect the Norwegian laws in this respect as it do not have to apply to Norwegian laws.
I believe it is fairly easy to avoid all of those those problems, but I can't find any information that says that such adaptions of the code are done, or that any other measure is taken to avoid said problems. Can anyone clarify on the matter as it seems that nearly everyone just hurrays the implementation and there is no effort to solve those issues.
John