[Operators] GDPR & XSF 3 - Minutes

Maxime Buquet pep at bouah.net
Sat Apr 7 12:39:55 UTC 2018


# GDPR & XSF 3

Attendees: Anu, Ge0rG, pep., winfried
2018-04-06 13:15CEST - at xsf at muc.xmpp.org
Date of next: 2018-04-09 10:30CEST

Q1)
 1. What consequences does the GDPR have for the Jabber network?
 2. .. Jabber server operators?
 3. .. what can/should the XSF do with that?

Q2) What consequences does the GDPR have for the XSF running Jabber server?

Q3) What consequences does the GDPR have for the work processes of the XSF
itself (membership, voting, wiki etc)?


## Q1
### Q1.1
#### What data is being processed
S2S:

- s2s meta-data (IPs, hostnames, sessions, server logs?) - GDPR probably doesn't apply
- user meta-data (presence, subscriptions, message routing)
- user content (messages, pubsub, etc.)
- MUC history, MUC MAM
- Remote components (e.g., roster management)

#### What processing is being done

S2S:

- s2s meta-data: typically just inside of server logs. r49 probably applies
- user meta-data: all transfer requires (implicit) user consent - by joining a
  MUC or sending a message to somebody or accepting a subscription
- Archiving (MAM, MUC MAM)

Also, since transfers between parties within/outside the EU are treated separately in the text, we might need to apply different restrictions.


LQ from Anu:
- What info (presence/server logs) counts as PII and has to be purged when right to be forgotten is involved?
  winfried > PII is quite well defined
  Ge0rG > I think there is still no clear consensus whether IP addresses are PII or not


-- 
Maxime “pep” Buquet