[Operators] GDPR & XSF 3 - Minutes

David Banes david at banes.org
Mon Apr 9 12:03:54 UTC 2018


Re:  Ge0rG > I think there is still no clear consensus whether IP addresses are PII or not

Yes IP addresses will be PII under GDPR, especially where the end user has a fixed IP.

David.


> On 7 Apr 2018, at 13:39, Maxime Buquet <pep at bouah.net> wrote:
> 
> # GDPR & XSF 3
> 
> Attendees: Anu, Ge0rG, pep., winfried
> 2018-04-06 13:15CEST - at xsf at muc.xmpp.org
> Date of next: 2018-04-09 10:30CEST
> 
> Q1)
> 1. What consequences does the GDPR has for the Jabber network?
> 2. .. Jabber server operators?
> 3. .. what can/should do the XSF with that?
> 
> Q2) What consequences does the GDPR has for the XSF running Jabber server?
> 
> Q3) What consequences does the GDPR has for the work processes of the XSF
> itself (membership, voting, wiki etc)?
> 
> 
> ## Q1
> ### Q1.1
> #### What data is being processed
> S2S:
> 
> - s2s meta-data (IPs, hostnames, sessions, server logs?) - GDPR probably doesn't apply
> - user meta-data (presence, subscriptions, message routing)
> - user content (messages, pubsub, etc.)
> - MUC history, MUC MAM
> - Remote components (e.g., roster management)
> 
> #### What processing is being done
> 
> S2S:
> 
> - s2s meta-data: typically just inside of server logs. r49 probably applies
> - user meta-data: all transfer requires (implicit) user consent - by joining a
>  MUC or sending a messages to somebody or accepting a subscription
> - Archiving (MAM, MUC MAM)
> 
> Also, transfer between parties within/outside the EU being treated separately in the text, we might need to apply different restrictions.
> 
> 
> LQ from Anu:
> - What info (presence/server logs) counts as pii and has to be purged when right to be forgotten is involved?
>  winfried > pii is quite well defined
>  Ge0rG > I think there is still no clear consensus whether IP addresses are PII or not
> 
> 
> -- 
> Maxime “pep” Buquet



More information about the Operators mailing list