In principle, yes, I believe it is a form of spying. Not particularly invasive nor harmful, but spying nonetheless.

Logging every page visited is not a technical requirement of serving the requested resource.

But it's just tracking something the server was asked to do - I'd say it's legitimate logging.

If you buy something at the supermarket, the supermarket keeps a record of the transaction - it's part of the process.

However if you try and link that to entities and build a pattern behaviour across multiple websites then I think you stray into spying.

Also if the tin of beans I bought at the supermarket records audio at home and uploads to the cloud - that's spying.

> Logging every page visited is not a technical requirement of serving the requested resource.

How will you know which page is having problems being served or is having performance problems?

You won’t, but that’s not what was asked.

Logging the requested resource is not a technical requirement of serving that resource.

Depends how you define “technical requirement” but I’d say 404 for example is an indication of a failure to serve a given resource. If you don’t have logging you won’t know unless someone complains which means you’ll only catch the most visible issues. Same goes for performance - everywhere I’ve ever worked serving a resource was tightly coupled to “how fast can the user retrieve that resource”.

No, since GDPR logging for page views is not something you can do without thinking what metadata you store with it and for how long.