71
edits
Difference between revisions of "GDPR"
Jump to navigation
Jump to search
→Lawyer Questions: Updating with answers (see logs of meeting 6)
(→Technical ToDo: Adding notes from meeting 5) |
(→Lawyer Questions: Updating with answers (see logs of meeting 6)) |
||
| Line 182: | Line 182: | ||
=== LQ1 user-sent content and art. 9.1 === | === LQ1 user-sent content and art. 9.1 === | ||
Does 9.1 automatically apply to all (not e2e encrypted) user-sent content, or only if we are analyzing it for profiling/other purposes? Does using e2e encryption change this? | Does 9.1 automatically apply to all (not e2e encrypted) user-sent content, or only if we are analyzing it for profiling/other purposes? Does using e2e encryption change this? | ||
# Lawyer 1: Message content is similar to picture uploads. As long as we treat it as an | |||
opaque blob and don't analyse it, art9 doesn't apply, (See r51). Not sure how this plays with mod_firewall processing, spam filtering etc. | |||
# Lawyer 2: 9.1 is not applicable because it is revealed by the user (9.2e). | |||
So user content is NOT subject to art. 9.1 | |||
=== LQ2 transfer to other controller and art. 6.1b / 6.1f === | === LQ2 transfer to other controller and art. 6.1b / 6.1f === | ||
Can (implicit) consent as in art. 6.1b also apply to transfer to other controllers (as in other XMPP server operators)? | Can (implicit) consent as in art. 6.1b also apply to transfer to other controllers (as in other XMPP server operators)? | ||
* The transfer to the other itself can be covered by 6.1b (and 49.1b when transfer outside the EU), because it is necessary to deliver the service the user requested. | |||
''' | * The processing on the other server can also be covered by 6.1b, but '''only''' as long as not further processing is done. | ||
== Contributors: == | == Contributors: == | ||
Ge0rG, jonasw, pep., peter.waher & winfried | Ge0rG, jonasw, pep., peter.waher & winfried | ||