[Operators] GDPR & XSF 9 - Minutes
pep at bouah.net
Mon Apr 30 10:20:39 UTC 2018
Sorry for the delay!
Right before next meeting..
# GDPR & XSF 9
At xsf at muc.xmpp.org - 2018/04/26 10:30 UTC
Attendees: winfried, Ge0rG, jonasw, pep.
Date of Next: 2018/04/30 10:30 UTC
1. What consequences does the GDPR has for the Jabber network?
2. .. Jabber server operators?
3. .. what can/should do the XSF with that?
Q2) What consequences does the GDPR has for the XSF running Jabber server?
Q3) What consequences does the GDPR has for the work processes of the XSF
itself (membership, voting, wiki etc)?
#### e) Analyse possible consequences
Correction on MAM in the table (among others):
It is no different than any other messages, which means under the recipient's
consent (6.1a) once transfered to the other side, and not legitimate
third-party interest (6.1f).
- "[..] to the extent strictly necessary and proportionate" (r49)
- Implicit consent: "processing is necessary for the performance of a contract
Data that will need to be deleted on Right to Erasure (17.1) request:
- MAM contents
- Offline messages (if separate from MAM)
- XML Private Storage
- other custom processing?
Technical TODO: No way to truncate MAM via protocol currently
Technical TODO: HTTP-upload-ed files can't be requested for deletion.
Jonas started https://mail.jabber.org/pipermail/standards/2018-April/034827.html
Technical TODO: Include "Privacy Considerations" in the XEP template
Maxime “pep” Buquet
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the Operators