[Operators] GDPR & XSF 10 - Minutes

Maxime Buquet pep at bouah.net
Mon Apr 30 11:52:49 UTC 2018


# GDPR & XSF 10

At xsf at muc.xmpp.org - 2018/04/30 10:30 UTC
Attendees: winfried, Ge0rG, jonasw, pep.

Date of Next: 2018/05/04 11:00 UTC

https://gdpr-info.eu/

Q1)
 1. What consequences does the GDPR has for the Jabber network?
 2. .. Jabber server operators?
 3. .. what can/should do the XSF with that?
Q2) What consequences does the GDPR has for the XSF running Jabber server?
Q3) What consequences does the GDPR has for the work processes of the XSF
itself (membership, voting, wiki etc)?

## Q1
### Q1.1

#### e) Analyse possible consequences

https://wiki.xmpp.org/web/GDPR/Table

Data that will need to be deleted on Right to Erasure (17.1) request:
- MAM contents
- Offline messages (if separate from MAM)
- Roster
- XML Private Storage
- PEP
- other custom processing?
- (addition) server-side file storage, (e.g., HTTP-upload, jingle-ft)
- (addition) private pubsub (223)

Technical TODO: Jingle-FT, server-side[0], doesn't support deletion.
  goffi mentioned he would submit a protoXEP for this.


Data export (art. 20, r68):
> The data subject shall have the right to receive the personal data
> concerning him or her, which she has provided to a controller, in a
> structured, commonly used and machine-readable format [..] (20.1)

> the data subject shall have the right to have the personal data
> transmitted directly from one controller to another, where technically
> feasible. (20.2)

- Strictly speaking, only PII provided under 6.1a or 9.2a (explicit
  consent) are subject to this article (20.1a). We were overshooting
  this requirement in the discussions we had
- Parts of 227 and/or 283 can be reused?

Technical TODO: export tool (client)?
Technical TODO: Look at 227/283, see what more is required for s2s transfers of accounts

[0]: https://mail.jabber.org/pipermail/standards/2018-February/034348.html

-- 
Maxime “pep” Buquet
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/operators/attachments/20180430/3192da8d/attachment.sig>


More information about the Operators mailing list