GDPR/Table
| Data (Q1.1b) | Processing (Q1.1c) | Ground for processing (Q1.1d) | Resolution (Q1.1e) |
|---|---|---|---|
| Credentials | C2S: stored as long as the account exists; check user JID against well-known spammer patterns | Implicit permission (art 6.1b) | Guidelines for server operators; EULA Template; IBR Link to template (EULA XEP) |
| User metadata: IP address; presence, timestamp of last available presence | C2S: stored during connection; stored with account; spam detection; expose presence, last activity to other users | Implicit permission (art 6.1b) | Guidelines for server operators; Template EULA; EULA XEP |
| | S2S: handing over to receiving server; storage while receiving server is online | Implicit permission (art 6.1b within EU, art 49.1b outside EU) | |
| User content: roster content (with names); bookmarks; offline/MAM history; server-side file storage (http-upload); PEP | C2S: store roster and bookmarks with account; store PEP in RAM; store offline messages until client connects | Implicit permission (art 6.1b) | |
| | C2S: MAM on MUC | Implicit permission (art 6.1b) | |
| | S2S: handing over to receiving server | Implicit permission (art 6.1b within EU, art 49.1b outside EU) | |
| | S2S: storage on remote server with MAM; MAM on MUC | Implicit permission (art 6.1b) | |
| | C2S: store MAM and files | Explicit consent (art 6.1a) | Guidelines for server operators; Template EULA; Consent in MAM-XEP |
| Server logs | C2S: minimal: no logs; typical: some days/weeks (logrotate), with IP addresses and message metadata | Recital 49 | Guidelines for server operators |
| Usage of remote components (e.g. roster management, transports) | S2S: handing over metadata; handing over user consent | Roster management: user consent; others: implicit permission (art. 6.1b) | Guidelines for server operators; Template EULA; EULA XEP |
| S2S metadata | Logging in server logs | Not subject to GDPR | |

Spam detection is NOT covered |