[Operators] GDPR & XSF 15 - Minutes

Maxime Buquet pep at bouah.net
Tue May 22 13:40:40 UTC 2018


# GDPR & XSF 15

At xsf at muc.xmpp.org - 2018/05/22 10:30 UTC
Attendees: winfried, Ge0rG, jonasw, pep., Dave Cridland

Date of Next: 2018/05/25 10:30 UTC (D-Day!)

https://gdpr-info.eu/

Q1)
 1. What consequences does the GDPR has for the Jabber network?
 2. .. Jabber server operators?
 3. .. what can/should do the XSF with that?
Q2) What consequences does the GDPR has for the XSF running Jabber server?
Q3) What consequences does the GDPR has for the work processes of the XSF
itself (membership, voting, wiki etc)?

## Q1
### Q1.2

- Ge0rG proposed WIP template for Terms of Service and Privacy Policies:
  https://wiki.xmpp.org/web/GDPR/ToS_Template
  https://wiki.xmpp.org/web/GDPR/Privacy_Policy_Template

  > Ge0rG> I'd like to establish some process where we have a master copy and
  >   the yax.im ToS are a fork of that.
  > winfried> git!
  > Ge0rG> markdown + C preprocessor?
  > jonasw> jinja is a neat templating language
  > jonasw> would be trivial to build a generator on top of that
  > Ge0rG> Markdown is an ideal language for the content, minus the templating.
  > jonasw> the advantage I see in jinja that its inheritance and block stuff
  >   would allow for easy replacement of specific blocks and extensions
  > jonasw> that would be cumbersome with C preprocessor
  > Ge0rG> We could also `sed -e s/ZZZservernameZZZ/$SERVERNAME/g`
  > Ge0rG> or use bash here-documents.

  TBD. Current work is available on the wiki, and will be moved to git(hub) at
  some point.

- Modifying other XEPs
  Re discussion in standards@ a while ago [0] about XEPs and local law details,
  should we modify each and every XEP to mention local laws. Consensus is:
  1. Patch XEPs / Add XEPs when generic functionality is needed for compliance
  2. Add general "Privacy considerations", mentioning what kind of data is
     handled withing the XEPs
  3. Adding business rule paragraphs to point to informational GDPR XEP if
     necessary (i.e., "this XEP may have GDPR consequences, please see
     XEP-GDPR for more information")
  4. informational GDPR XEP, mentioning steps for compliance, and red flags

  e.g., do not add local laws implementation details directly in the XEPs.
  Also thanks Dave for your input on the matter.


- Current status, what's left:
  * EULA-XEP: skeleton/abstract incoming
  * Informational GDPR XEP: skeleton/abstract incoming
  * Deletion: PR against HTTP Upload [0]
  * Transfer/portability of data
  * Defaults for MAM

[0]: https://mail.jabber.org/pipermail/standards/2018-April/034827.html

-- 
Maxime “pep” Buquet
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/operators/attachments/20180522/7622c2b9/attachment.sig>


More information about the Operators mailing list