181
edits
Difference between revisions of "GDPR"
Jump to navigation
Jump to search
→Lawyer Questions
| (5 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
== Next meeting == | == Next meeting == | ||
Next meeting of the people involved is scheduled on May | Next meeting of the people involved is scheduled on May 25th 2018 at 10:30 UTC in xmpp:xsf@muc.xmpp.org | ||
== Introduction == | == Introduction == | ||
| Line 35: | Line 35: | ||
===== Roles and responsibilities ===== | ===== Roles and responsibilities ===== | ||
The GDPR knows different roles: | The GDPR knows different roles: | ||
# Data Subject - the person | # Data Subject - the person who the data is about | ||
# Data Controller - a person or organisation who collects, stores or processes data about a natural person and who determines the goals and the means of the processing of the data. | # Data Controller - a person or organisation who collects, stores or processes data about a natural person and who determines the goals and the means of the processing of the data. | ||
# Data Processor - a person (not employee of the controller) or organisation who processes data on behalves of a Data Controller. | # Data Processor - a person (not employee of the controller) or organisation who processes data on behalves of a Data Controller. | ||
# Third Party - a Data Controller that receives data from | # Third Party - a Data Controller that receives data from another Controller. This transfer of Data is a processing on its own within the GDPR. | ||
Within the XMPP network the following roles can be found: | Within the XMPP network the following roles can be found: | ||
| Line 166: | Line 166: | ||
=== Q1.2: What consequences does the GDPR has for the XMPP server operators === | === Q1.2: What consequences does the GDPR has for the XMPP server operators === | ||
Draft templates available: | |||
* [[GDPR/ToS_Template|Tos template]] | |||
* [[GDPR/Privacy_Policy_Template|Privacy Policy template]] | |||
These are WIP and will be moved to git(hub), under some template form, to allow for server operators to benefit from last changes directly. | |||
=== Q1.3: What can/should the XSF do with it? === | === Q1.3: What can/should the XSF do with it? === | ||
| Line 247: | Line 252: | ||
=== LQ1 user-sent content and art. 9.1 === | === LQ1 user-sent content and art. 9.1 === | ||
Does 9.1 automatically apply to all (not e2e encrypted) user-sent content, or only if we are analyzing it for profiling/other purposes? Does using e2e encryption change this? | Does 9.1 automatically apply to all (not e2e encrypted) user-sent content, or only if we are analyzing it for profiling/other purposes? Does using e2e encryption change this? | ||
# Lawyer 1: Message content is similar to picture uploads. As long as we treat it as an | # Lawyer 1: Message content is similar to picture uploads. As long as we treat it as an opaque blob and don't analyse it, art9 doesn't apply, (See r51). Not sure how this plays with mod_firewall processing, spam filtering etc. | ||
opaque blob and don't analyse it, art9 doesn't apply, (See r51). Not sure how this plays with mod_firewall processing, spam filtering etc. | |||
# Lawyer 2: 9.1 is not applicable because it is revealed by the user (9.2e). | # Lawyer 2: 9.1 is not applicable because it is revealed by the user (9.2e). | ||
So user content is NOT subject to art. 9.1 | So user content is NOT subject to art. 9.1 | ||