[Operators] GDPR & XSF 3 - Minutes
David Banes
david at banes.org
Mon Apr 9 12:03:54 UTC 2018
Re: Ge0rG > I think there is still no clear consensus whether IP addresses are PII or not
Yes IP addresses will be PII under GDPR, especially where the end user has a fixed IP.
David.
> On 7 Apr 2018, at 13:39, Maxime Buquet <pep at bouah.net> wrote:
>
> # GDPR & XSF 3
>
> Attendees: Anu, Ge0rG, pep., winfried
> 2018-04-06 13:15CEST - at xsf at muc.xmpp.org
> Date of next: 2018-04-09 10:30CEST
>
> Q1)
> 1. What consequences does the GDPR has for the Jabber network?
> 2. .. Jabber server operators?
> 3. .. what can/should do the XSF with that?
>
> Q2) What consequences does the GDPR has for the XSF running Jabber server?
>
> Q3) What consequences does the GDPR has for the work processes of the XSF
> itself (membership, voting, wiki etc)?
>
>
> ## Q1
> ### Q1.1
> #### What data is being processed
> S2S:
>
> - s2s meta-data (IPs, hostnames, sessions, server logs?) - GDPR probably doesn't apply
> - user meta-data (presence, subscriptions, message routing)
> - user content (messages, pubsub, etc.)
> - MUC history, MUC MAM
> - Remote components (e.g., roster management)
>
> #### What processing is being done
>
> S2S:
>
> - s2s meta-data: typically just inside of server logs. r49 probably applies
> - user meta-data: all transfer requires (implicit) user consent - by joining a
> MUC or sending a messages to somebody or accepting a subscription
> - Archiving (MAM, MUC MAM)
>
> Also, transfer between parties within/outside the EU being treated separately in the text, we might need to apply different restrictions.
>
>
> LQ from Anu:
> - What info (presence/server logs) counts as pii and has to be purged when right to be forgotten is involved?
> winfried > pii is quite well defined
> Ge0rG > I think there is still no clear consensus whether IP addresses are PII or not
>
>
> --
> Maxime “pep” Buquet
More information about the Operators
mailing list