GDPR

From XMPP WIKI
Revision as of 16:27, 28 March 2018 by Winfried (Talk | contribs) (Creation of page 'Research on the GDPR for XMPP and the XSF', first outlines)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Introduction

On may the 25th of 2018 the new EU General Data Protection Regulation (GDPR) will be enforced. This page is a growing page, collecting the research done on the consequences of the GDPR for XMPP and the XSF. There are three fields where the GDPR probably will have an impact and that will be of concert to the XSF:

  1. The public (federating) XMPP network
  2. The XSF run XMPP server
  3. The functioning of the XSF, like the membership applications and the voting

Methodology

We decided to roughly follow the lines of the Data Protection Impact Assessment (DPIA) as mandated by the GDPR:

  1. Check if the GDPR is applicable (jurisdiction)
  2. List what data is processed
  3. List what processing is done
  4. List legal grounds for the processing
  5. Analyse possible consequences

Collaboration with IETF was mentioned during previous board meeting that started this ad-hoc group. Who is working on it, (how) should we collaborate with them?

Q1: What consequences does the GDPR has for the Jabber network, Jabber server operators and what can/should the XSF do with that?

Q1.1: What consequences does the GDPR has for the Jabber network?

Q1.2: What consequences does the GDPR has for the Jabber network, Jabber server operators

Q1.3: What can/should the XSF do with it?

Q2: What consequences does the GDPR has for the XSF run Jabber server?

Q3: What consequences does the GDPR has for the work processes of the XSF itself (membership, voting, wiki etc)?

ToDo's

  1. Link with IETF and other projects with similar issues.


Contributors:

Ge0rG, jonasw, pep., peter.waher & winfried