Difference between revisions of "GDPR/Table"
(Update table to discussion 8&9 (last one from memory)) |
|||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
{| class="wikitable" | {| class="wikitable" | ||
! Data (Q1.1b) | |||
! Processing (Q1.1c) | |||
! Ground for processing (Q1.1d) | |||
! Resolution (Q1.1e) | |||
|- | |- | ||
| Credentials | | Credentials | ||
Line 14: | Line 14: | ||
| Implicit permission (art 6.1b) | | Implicit permission (art 6.1b) | ||
| | | | ||
- | - Guidlines for server operators | ||
- | - EULA Template | ||
- IBR Link to template (EULA XEP) | |||
|- | |- | ||
| | |rowspan="2"| | ||
User metadata | User metadata | ||
Line 35: | Line 37: | ||
- Expose presence, last activity to other users | - Expose presence, last activity to other users | ||
| Implicit permission (art 6.1b) | | Implicit permission (art 6.1b) | ||
| | |rowspan="6"| | ||
- | - Guidelines for server operators | ||
- Template EULA | |||
- | - EULA XEP | ||
|- | |- | ||
| | | | ||
Line 47: | Line 51: | ||
- storage while receiving server is online | - storage while receiving server is online | ||
| Implicit permission (art 6.1b within EU, art 49.1b outside EU) | | Implicit permission (art 6.1b within EU, art 49.1b outside EU) | ||
|- | |- | ||
| | |rowspan="5"| | ||
User content | User content | ||
Line 75: | Line 73: | ||
- Store offline messages until client connects | - Store offline messages until client connects | ||
| Implicit permission (art 6.1b) | | Implicit permission (art 6.1b) | ||
|- | |- | ||
| | | | ||
Line 91: | Line 78: | ||
- MAM on MUC | - MAM on MUC | ||
| | | Implicit permission (art 6.1b) | ||
|- | |- | ||
| | | | ||
Line 99: | Line 85: | ||
- handing over to receiving server | - handing over to receiving server | ||
| Implicit permission (art 6.1b within EU, art 49.1b outside EU) | | Implicit permission (art 6.1b within EU, art 49.1b outside EU) | ||
|- | |||
| | | | ||
S2S: | |||
- | - Storage on remote server with MAM | ||
- MAM on MUC | |||
| Implicit permission (art 6.1b) | |||
|- | |- | ||
| | | | ||
C2S: | |||
- Store MAM and files | |||
| Explicit consent (art 6.1a) | |||
| | |||
- Guidelines for server operators | |||
- | - Template EULA | ||
- MAM | - Consent in MAM-XEP | ||
|- | |- | ||
| Server logs | | Server logs | ||
Line 123: | Line 115: | ||
- typical: some days weeks (logrotate), with IP adderesses and message metadata | - typical: some days weeks (logrotate), with IP adderesses and message metadata | ||
| Recital 49 | | Recital 49 | ||
| | | | ||
- Guidelines for server operators | |||
|- | |- | ||
| Usage of remote components (e.g. roster management, transports) | | Usage of remote components (e.g. roster management, transports) | ||
Line 137: | Line 130: | ||
- others: implicit permission (art. 6.1b) | - others: implicit permission (art. 6.1b) | ||
| | | | ||
- | - Guidelines for server operators | ||
- Template EULA | |||
- EULA XEP | |||
|- | |- | ||
| S2S metadata | | S2S metadata | ||
| Logging in server logs | | Logging in server logs | ||
| Not subject to GDPR | |colspan="2" style="text-align: center;"|Not subject to GDPR | ||
|- | |- | ||
| Spam detection is '''NOT '''covered | |colspan="4" style="text-align: center;"|Spam detection is '''NOT '''covered | ||
|} | |} |
Latest revision as of 22:00, 29 April 2018
Data (Q1.1b) | Processing (Q1.1c) | Ground for processing (Q1.1d) | Resolution (Q1.1e) |
---|---|---|---|
Credentials |
C2S: - Stored as long as the account exists - Check user JID against well-known spammer patterns |
Implicit permission (art 6.1b) |
- Guidlines for server operators - EULA Template - IBR Link to template (EULA XEP) |
User metadata - IP address - Presence, timestamp of last available presence |
C2S: - Stored during connection - Stored with account - Spam detection - Expose presence, last activity to other users |
Implicit permission (art 6.1b) |
- Guidelines for server operators - Template EULA - EULA XEP |
S2S: - handing over to receiving server - storage while receiving server is online |
Implicit permission (art 6.1b within EU, art 49.1b outside EU) | ||
User content - roster content (with names) - bookmarks - offline/MAM history - server-side file storage (http-upload) - PEP |
C2S: - Store roster and bookmarks with account - Store PEP in RAM - Store offline messages until client connects |
Implicit permission (art 6.1b) | |
C2S: - MAM on MUC |
Implicit permission (art 6.1b) | ||
S2S: - handing over to receiving server |
Implicit permission (art 6.1b within EU, art 49.1b outside EU) | ||
S2S: - Storage on remote server with MAM - MAM on MUC |
Implicit permission (art 6.1b) | ||
C2S: - Store MAM and files |
Explicit consent (art 6.1a) |
- Guidelines for server operators - Template EULA - Consent in MAM-XEP | |
Server logs |
C2S: - minimal: no logs - typical: some days weeks (logrotate), with IP adderesses and message metadata |
Recital 49 |
- Guidelines for server operators |
Usage of remote components (e.g. roster management, transports) |
S2S: - Handing over metadata - Handing over user consent |
- Roster management: user consent - others: implicit permission (art. 6.1b) |
- Guidelines for server operators - Template EULA - EULA XEP |
S2S metadata | Logging in server logs | Not subject to GDPR | |
Spam detection is NOT covered |