GDPR/Table

From XMPP WIKI
| Data (Q1.1b) | Processing (Q1.1c) | Ground for processing (Q1.1d) | Resolution (Q1.1e) |
|---|---|---|---|
| Credentials | C2S: stored as long as the account exists; check user JID against well-known spammer patterns | Implicit permission (art 6.1b) | Guidelines for server operators; EULA Template; IBR Link to template (EULA XEP) |
| User metadata: IP address; presence, timestamp of last available presence | C2S: stored during connection; stored with account; spam detection; expose presence, last activity to other users | Implicit permission (art 6.1b) | Guidelines for server operators; Template EULA; EULA XEP |
| | S2S: handing over to receiving server; storage while receiving server is online | Implicit permission (art 6.1b within EU, art 49.1b outside EU) | |
| User content: roster content (with names); bookmarks; offline/MAM history; server-side file storage (http-upload); PEP | C2S: store roster and bookmarks with account; store PEP in RAM; store offline messages until client connects | Implicit permission (art 6.1b) | |
| | C2S: MAM on MUC | Implicit permission (art 6.1b) | |
| | S2S: handing over to receiving server | Implicit permission (art 6.1b within EU, art 49.1b outside EU) | |
| | S2S: storage on remote server with MAM; MAM on MUC | Implicit permission (art 6.1b) | |
| | C2S: store MAM and files | Explicit consent (art 6.1a) | Guidelines for server operators; Template EULA; Consent in MAM-XEP |
| Server logs | C2S: minimal: no logs; typical: some days or weeks (logrotate), with IP addresses and message metadata | Recital 49 | Guidelines for server operators |
| Usage of remote components (e.g. roster management, transports) | S2S: handing over metadata; handing over user consent | Roster management: user consent; others: implicit permission (art. 6.1b) | Guidelines for server operators; Template EULA; EULA XEP |
| S2S metadata | Logging in server logs | Not subject to GDPR | |

Spam detection is NOT covered