[Members] GDPR & XSF 5 - Minutes
Maxime Buquet
pep at bouah.net
Mon Apr 16 23:01:38 UTC 2018
Hi all,
Sorry for the delay.
# GDPR & XSF 5
At xsf at muc.xmpp.org - 2018/04/10 10:30 UTC
Attendees: winfried, Ge0rG, jonasw, pep.
https://gdpr-info.eu/
Q1)
1. What consequences does the GDPR has for the Jabber network?
2. .. Jabber server operators?
3. .. what can/should do the XSF with that?
Q2) What consequences does the GDPR has for the XSF running Jabber
server?
Q3) What consequences does the GDPR has for the work processes of the
XSF
itself (membership, voting, wiki etc)?
## Q1
### Q1.1
#### d) Legal ground for processing
Can we send PII via s2s?
(See LQ1 for art 9.1 - sensitive data)
Inside EU: yes, as also subject to GDPR
Outside EU: yes, art. 49.1b
> the transfer is necessary for the performance of a contract between
> the data subject and the controller
Also related, 49.1a: explicit consent.
- user-metadata: consent (49.1b) when user subscribed or somesuch
- user-content: consent (49.1b) when user sends content to wherever
## Misc
Technical TODO:
- Write about default visibility in data policy
* JID: contacts, chatrooms and their server operators
* vcard avatar: always visible
* PEP avatar and other PEP things: most likely to your contacts
PEP items visibility should be made explicit by the client to the
user
* last online timestamp, status message, online status, list of
online devices: contacts, chatroom participants?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://mail.jabber.org/pipermail/members/attachments/20180417/ed66c22d/attachment.sig>
More information about the Members
mailing list