Hello Goffi, thank you for the proposal.
While reviewing the protoXEP, I noticed that it currently does not
include any reference to:
- the legal basis for data processing, as required under Article 6 of
the GDPR (this is a key element for any service operating in or serving
users from the EU);
- the categories of personal data processed by the service;
- metadata processing information;
- explicit consent of the user to data processing.
I would suggest introducing a field, similar to the one described in
§3.6 for the Terms of Service, to link to the Privacy Policy. If the
service provider does not supply this link, the XMPP client SHOULD
explicitly inform the user with a disclaimer, indicating that the
Privacy Policy has not been disclosed by the service. Conversely, if the
link is present, the client SHOULD make it visible to the user by
displaying the corresponding URI in an easily accessible manner.
Moreover, if the Privacy Policy has been declared by the service
provider, there SHOULD be a field that allows the user to explicitly
give consent to data processing, in compliance with applicable data
protection regulations.
Kind regards
Mario
On 26/06/25 13:14, Goffi wrote:
On Thursday, 26 June 2025, 13:07:54 Central European Summer Time, Goffi wrote:
Dear XMPP fellows,
[SNIP]
Best,
Goffi
Also, I know that there are some lawyers in the XMPP community. I would very
much love to have their input on the best way to show which law applies.
Currently, XEP-0080 is used to indicate the location of the servers (and I've
proposed a change which is in discussion to add ISO 3166-2 `regioncode` so we
can know the administrative region where the data are).
Is this enough to know if, e.g., GDPR applies? Or should we get a field with
other data (which)?
Thanks in advance,
Goffi