Difference between revisions of "GDPR"

(Add results of first discussion)
(Adding second discussion)
Line 67: Line 67:


==== Q1.1d List legal grounds for the processing ====
==== Q1.1d List legal grounds for the processing ====
TBD
''Related articles: 6.1a, 6.1b, 9.1, 9.2a, 13.4, 13''


==== Q1.1e Analyse possible consequences ====
What legal grounds for the processing are possible partly depends on the question whether user-sent content falls under art. 9.1 or not. We need legal advice here (See LQ1 below)


winfried > I have a feeling that as long as we don't analyse data (content AND
===== C2S: =====
metadata) on patterns that indicate categories from art. 9.1, 9.2, GDPR is not
applicable.


jonasw > I think what we *at the very minimum* learn from this given the
If user-sent data IS NOT subject to art. 9.1:
technical means in the Jabber network is: you absolutely must not do any kind
Art. 9.1b can be used as ground for processing, so the permission is implicitly granted when signing up for the XMPP service. The EULA must then contain information about the information processed.  
of data mining on message content whih might come from federation.


If user-sent data IS subject to art. 9.1:
The ground for processing has to be art. 9.2, explicit consent.


===== S2S: =====
Consent, as in article 6.1a or 9.2 is problematic as giving consent to other servers is harder and not widespread.


Can transfer to and processing by an other server also be covered by art. 6.1b? See LQ2 below. Also possibly relevant: 6.1f, see also https://www.gdpreu.org/the-regulation/key-concepts/legitimate-interest/


Logs
'''Note by Winfried''': we should here distinguish between the ground for the transfer to the other server itself and the ground for processing by the other server.
Data should not be stored for more time than necessary. See recital 49:
> The processing of personal data to the extent strictly necessary and
> proportionate


as giving consent to other servers is harder and not widespread
==== Q1.1e Analyse possible consequences ====
(Work in progress)


===== C2S: =====
Preliminary notes:
* The processing of personal data to the extent strictly necessary and proportionate
* It could be argued that storing very sensitive personal information, albeit for a short time, unencrypted, visible to anyone with access to the backend server (and perhaps more), does not constitute proportional data protection measure, knowing how sensitive the information can be in some cases. It could therefore also be argued, that the processing “reveals” this information to
unauthorized persons, by the way it is implemented. It could therefore be argued, that such processing is contrary to what is required by article 9.
* Even with consent, "proportional means of protection" is required, so encryption (i.e., full-disk) might be necessary to check that box. If user-sent content is subject to art. 9.1, then the "proportional" from "proportional means of protection" becomes harder.
* Article 35?
* Logs
** See recital 49:
** Data should not be stored for more time than necessary.
===== S2S: =====
Preliminary notes:
* I think what we *at the very minimum* learn from this given the technical means in the Jabber network is: you absolutely must not do any kind of data mining on message content which might come from federation.


=== Q1.2: What consequences does the GDPR has for the XMPP server operators ===
=== Q1.2: What consequences does the GDPR has for the XMPP server operators ===
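Review bot: In the C2S case "If user-sent data IS NOT subject to art. 9.1", the ground is given as "Art. 9.1b", which does not fit that branch and matches neither the related-articles line (6.1a, 6.1b, 9.1, 9.2a) nor LQ2, where implicit permission is tied to art. 6.1b. This looks like a typo for 6.1b and should be corrected or explained. Separately, in the C2S preliminary notes the sentence "The processing of personal data to the extent strictly necessary and proportionate" stands as its own bullet while "See recital 49:" under Logs has no quoted text after it; moving the quote back under the recital reference would keep the citation readable.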
Line 102: Line 116:


Personal data the XSF holds:
Personal data the XSF holds:
- Email of wiki users (for account creation)
* Email of wiki users (for account creation)
- Voting results, that could be considered as "political opinions".
* Voting results, that could be considered as "political opinions".


The rest of the information given when applying for membership, (fullname,
The rest of the information given when applying for membership, (fullname,
jid/email, employer, etc.) like everything else on the wiki, as well as
jid/email, employer, etc.) like everything else on the wiki, as well as
messages on public MUCs, falls under art. 9.2 e):
messages on public MUCs, falls under art. 9.2 e):
> Processing relates to personal data which are manifestly made public by the
Processing relates to personal data which are manifestly made public by the data subject;
> data subject;
 


== ToDo's ==
== ToDo's ==
# Link with IETF and other projects with similar issues.
# Link with IETF and other projects with similar issues.
# ask for legal advice on art. 9.1
# Read chapter 5 about transfer of personal data
 
== Lawyer Questions ==
 
=== LQ1 user-sent content and art. 9.1 ===
Does 9.1 automatically apply to all (not e2e encrypted) user-sent content, or only if we are analyzing it for profiling/other purposes? Does using e2e encryption change this?
 
=== LQ2 transfer to other controller and art. 6.1b / 6.1f ===
Can (implicit) consent as in art. 6.1b also apply to transfer to other controllers (as in other XMPP server operators)?
 
'''Note by Winfried''': see also discussion about art. 6.1f above. Maybe we should rephrase this question.


== Contributors: ==
== Contributors: ==
Ge0rG, jonasw, pep., peter.waher &  winfried
Ge0rG, jonasw, pep., peter.waher &  winfried
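Review bot: The LQ2 heading names both art. 6.1b and 6.1f, but the question text only asks about 6.1b, so the lawyer would not be asked about 6.1f at all; add 6.1f to the question itself rather than leaving it to the note underneath. The question also calls 6.1b "(implicit) consent", while the S2S section uses "consent" for 6.1a and 9.2, so the wording should state which ground is meant.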