Re: Ge0rG > I think there is still no clear consensus whether IP addresses are PII or not
Yes IP addresses will be PII under GDPR, especially where the end user has a fixed IP. David. > On 7 Apr 2018, at 13:39, Maxime Buquet <[email protected]> wrote: > > # GDPR & XSF 3 > > Attendees: Anu, Ge0rG, pep., winfried > 2018-04-06 13:15CEST - at [email protected] > Date of next: 2018-04-09 10:30CEST > > Q1) > 1. What consequences does the GDPR has for the Jabber network? > 2. .. Jabber server operators? > 3. .. what can/should do the XSF with that? > > Q2) What consequences does the GDPR has for the XSF running Jabber server? > > Q3) What consequences does the GDPR has for the work processes of the XSF > itself (membership, voting, wiki etc)? > > > ## Q1 > ### Q1.1 > #### What data is being processed > S2S: > > - s2s meta-data (IPs, hostnames, sessions, server logs?) - GDPR probably > doesn't apply > - user meta-data (presence, subscriptions, message routing) > - user content (messages, pubsub, etc.) > - MUC history, MUC MAM > - Remote components (e.g., roster management) > > #### What processing is being done > > S2S: > > - s2s meta-data: typically just inside of server logs. r49 probably applies > - user meta-data: all transfer requires (implicit) user consent - by joining a > MUC or sending a messages to somebody or accepting a subscription > - Archiving (MAM, MUC MAM) > > Also, transfer between parties within/outside the EU being treated separately > in the text, we might need to apply different restrictions. > > > LQ from Anu: > - What info (presence/server logs) counts as pii and has to be purged when > right to be forgotten is involved? > winfried > pii is quite well defined > Ge0rG > I think there is still no clear consensus whether IP addresses are > PII or not > > > -- > Maxime “pep” Buquet
