[Operators] GDPR & XSF 5 - Minutes

Maxime Buquet pep at bouah.net
Mon Apr 16 23:01:38 UTC 2018

Hi all,

Sorry for the delay.

# GDPR & XSF 5

At xsf at muc.xmpp.org - 2018/04/10 10:30 UTC
Attendees: winfried, Ge0rG, jonasw, pep.


 1. What consequences does the GDPR has for the Jabber network?
 2. .. Jabber server operators?
 3. .. what can/should do the XSF with that?
Q2) What consequences does the GDPR has for the XSF running Jabber
Q3) What consequences does the GDPR has for the work processes of the
itself (membership, voting, wiki etc)?

## Q1
### Q1.1

#### d) Legal ground for processing

Can we send PII via s2s?

(See LQ1 for art 9.1 - sensitive data)

Inside EU: yes, as also subject to GDPR

Outside EU: yes, art. 49.1b
> the transfer is necessary for the performance of a contract between
> the data subject and the controller

Also related, 49.1a: explicit consent.

- user-metadata: consent (49.1b) when user subscribed or somesuch
- user-content: consent (49.1b) when user sends content to wherever

## Misc

Technical TODO:
- Write about default visibility in data policy
  * JID: contacts, chatrooms and their server operators
  * vcard avatar: always visible
  * PEP avatar and other PEP things: most likely to your contacts
    PEP items visibility should be made explicit by the client to the
  * last online timestamp, status message, online status, list of
    online devices: contacts, chatroom participants?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://mail.jabber.org/pipermail/operators/attachments/20180417/ed66c22d/attachment.sig>

More information about the Operators mailing list