[Standards] Proposed XMPP Extension: Best practices for GDPR compliant deployment of XMPP
winfried at tilanus.com
Fri May 25 07:13:59 UTC 2018
On 22-05-18 21:51, Peter Saint-Andre wrote:
> Thanks to Winfried for putting this together; it will be a helpful
> document once it's all filled in.
> I do wonder how careful the XSF needs to be about making recommendations
> that could be construed as legal advice (despite including all of the
> appropriate provisos).
I understand the reluctance of the XSF to give legal advice. Besides that
it may or may not be the task of the XSF, there is a real liability risk
involved in giving it. I personally don't mind putting my own head in
the line of fire there, but I can imagine the XSF wants to stay away
from that. (Awaiting a formal council/board decision here).
The problem is I can't talk about the GDPR (even as example) without
entering the realm of legal advice. So besides giving legal advice (with
disclaimers, waivers etc.) I see only one other option: create an
informal XEP with a general strategy for privacy governance. Topics
would be like: 'determine your jurisdiction', 'determine
responsibilities', 'make an overview of your data processing', 'check
storage retention defaults (pay attention to XEP-XXXX and XEP-YYYY)' etc.
Besides that informative XEP, I (or a group of people willing to do so)
publish an own document discussing XMPP & the GDPR in detail.
privacy consultant e-health