[Operators] GDPR & XSF 5 - Minutes
pep at bouah.net
Mon Apr 16 23:01:38 UTC 2018
Sorry for the delay.
# GDPR & XSF 5
At xsf at muc.xmpp.org - 2018/04/10 10:30 UTC
Attendees: winfried, Ge0rG, jonasw, pep.
1. What consequences does the GDPR has for the Jabber network?
2. .. Jabber server operators?
3. .. what can/should do the XSF with that?
Q2) What consequences does the GDPR has for the XSF running Jabber
Q3) What consequences does the GDPR has for the work processes of the
itself (membership, voting, wiki etc)?
#### d) Legal ground for processing
Can we send PII via s2s?
(See LQ1 for art 9.1 - sensitive data)
Inside EU: yes, as also subject to GDPR
Outside EU: yes, art. 49.1b
> the transfer is necessary for the performance of a contract between
> the data subject and the controller
Also related, 49.1a: explicit consent.
- user-metadata: consent (49.1b) when user subscribed or somesuch
- user-content: consent (49.1b) when user sends content to wherever
- Write about default visibility in data policy
* JID: contacts, chatrooms and their server operators
* vcard avatar: always visible
* PEP avatar and other PEP things: most likely to your contacts
PEP items visibility should be made explicit by the client to the
* last online timestamp, status message, online status, list of
online devices: contacts, chatroom participants?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: This is a digitally signed message part
More information about the Operators