On may the 25th of 2018 the new EU General Data Protection Regulation (GDPR) will be enforced. This page is a growing page, collecting the research done on the consequences of the GDPR for XMPP and the XSF. There are three fields where the GDPR probably will have an impact and that will be of concert to the XSF:
- The public (federating) XMPP network
- The XSF run XMPP server
- The functioning of the XSF, like the membership applications and the voting
We decided to roughly follow the lines of the Data Protection Impact Assessment (DPIA) as mandated by the GDPR:
- Check if the GDPR is applicable (jurisdiction)
- List what data is processed
- List what processing is done
- List legal grounds for the processing
- Analyse possible consequences
Collaboration with IETF was mentioned during previous board meeting that started this ad-hoc group. Who is working on it, (how) should we collaborate with them?
Q1: What consequences does the GDPR has for the Jabber network, Jabber server operators and what can/should the XSF do with that?
Q1.1: What consequences does the GDPR has for the Jabber network?
Q1.2: What consequences does the GDPR has for the Jabber network, Jabber server operators
Q1.3: What can/should the XSF do with it?
Q2: What consequences does the GDPR has for the XSF run Jabber server?
Q3: What consequences does the GDPR has for the work processes of the XSF itself (membership, voting, wiki etc)?
- Link with IETF and other projects with similar issues.
Ge0rG, jonasw, pep., peter.waher & winfried