Sorry for the delay! Right before next meeting.. # GDPR & XSF 9
At [email protected] - 2018/04/26 10:30 UTC Attendees: winfried, Ge0rG, jonasw, pep. Date of Next: 2018/04/30 10:30 UTC https://gdpr-info.eu/ Q1) 1. What consequences does the GDPR has for the Jabber network? 2. .. Jabber server operators? 3. .. what can/should do the XSF with that? Q2) What consequences does the GDPR has for the XSF running Jabber server? Q3) What consequences does the GDPR has for the work processes of the XSF itself (membership, voting, wiki etc)? ## Q1 ### Q1.1 #### e) Analyse possible consequences https://wiki.xmpp.org/web/GDPR/Table Correction on MAM in the table (among others): https://wiki.xmpp.org/web/index.php?title=GDPR%2FTable&type=revision&diff=10162&oldid=10141 It is no different than any other messages, which means under the recipient's consent (6.1a) once transfered to the other side, and not legitimate third-party interest (6.1f). Server logs: - "[..] to the extent strictly necessary and proportionate" (r49) Remote components: - Implicit consent: "processing is necessary for the performance of a contract [..]" (6.1b) Data that will need to be deleted on Right to Erasure (17.1) request: - MAM contents - Offline messages (if separate from MAM) - Roster - XML Private Storage - PEP - other custom processing? Technical TODO: No way to truncate MAM via protocol currently Technical TODO: HTTP-upload-ed files can't be requested for deletion. Jonas started https://mail.jabber.org/pipermail/standards/2018-April/034827.html Technical TODO: Include "Privacy Considerations" in the XEP template ## Q2 Upcoming -- Maxime “pep” Buquet
signature.asc
Description: PGP signature
