[Standards] XEP-0363 (HTTP Upload): Privacy Considerations & Deletion
jonas at wielicki.name
Thu Apr 26 14:35:00 UTC 2018
During the last "XSF & GDPR" meeting (minutes pending), we were discussing
As it turns out, several implementations are making it not trivial for
operators to be GDPR compliant. One of the things definitely necessary (as far
as our understanding goes) is that users must be able to have their data
deleted in a reasonable timeframe; it must also be possible to create a bundle
of all data the service currently has from the user.
Some implementations do not allow this. I have prepared [PR #625] which adds
wording to inform implementations about these requirements.
In addition, it would be useful if users could delete files they uploaded
themselves. This is rather optional (which is why I made separate PRs), since
services are likely to auto-expire files anyways. I can however see use-cases
where a user wants a file deleted immediately, and this saves the interaction
with the operator. I prepared [PR #624] for this.
I’d like to hear your (especially Daniels) opinions on this.
[PR #625]: https://github.com/xsf/xeps/pull/625
[PR #624]: https://github.com/xsf/xeps/pull/624
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: This is a digitally signed message part.
More information about the Standards