[Members] GDPR & XSF 3 - Minutes
pep at bouah.net
Sat Apr 7 12:39:55 UTC 2018
# GDPR & XSF 3
Attendees: Anu, Ge0rG, pep., winfried
2018-04-06 13:15CEST - at xsf at muc.xmpp.org
Date of next: 2018-04-09 10:30CEST
1. What consequences does the GDPR has for the Jabber network?
2. .. Jabber server operators?
3. .. what can/should do the XSF with that?
Q2) What consequences does the GDPR has for the XSF running Jabber server?
Q3) What consequences does the GDPR has for the work processes of the XSF
itself (membership, voting, wiki etc)?
#### What data is being processed
- s2s meta-data (IPs, hostnames, sessions, server logs?) - GDPR probably doesn't apply
- user meta-data (presence, subscriptions, message routing)
- user content (messages, pubsub, etc.)
- MUC history, MUC MAM
- Remote components (e.g., roster management)
#### What processing is being done
- s2s meta-data: typically just inside of server logs. r49 probably applies
- user meta-data: all transfer requires (implicit) user consent - by joining a
MUC or sending a messages to somebody or accepting a subscription
- Archiving (MAM, MUC MAM)
Also, transfer between parties within/outside the EU being treated separately in the text, we might need to apply different restrictions.
LQ from Anu:
- What info (presence/server logs) counts as pii and has to be purged when right to be forgotten is involved?
winfried > pii is quite well defined
Ge0rG > I think there is still no clear consensus whether IP addresses are PII or not
Maxime “pep” Buquet
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the Members