Seconded ☺
Chris Mattmann VP, Legal From: Craig Russell <[email protected]> Reply-To: "[email protected]" <[email protected]> Date: Monday, May 21, 2018 at 6:38 PM To: "[email protected]" <[email protected]> Cc: Michael Osipov <[email protected]> Subject: Re: Our Privacy Policy and GDPR I'd suggest opening a LEGAL JIRA to track this issue. It will get the proper attention from VP Legal. Craig On May 21, 2018, at 5:03 AM, Mark Thomas <[email protected]> wrote: On 20/05/18 20:47, Michael Osipov wrote: Folks, is there any legal statement from the ASF how to proceed with our privacy policy, especially Google Analytics, from 2018-05-25? Legal questions should be directed to [email protected] Mark All maven.a.o use GA and I have written a mail to [email protected], but no one reaction to. Here is a transcript: ======================== Hi folks, raising this privately for the moment to assess the current situation as well as how we want to deal with our sites after 2018-05-25. Most of you might know that EU-DSGVO (GDPR in English) is rapidly approaching and our Maven sites (and likely other Apache sites) are already illegal with BDSG (Germany's privacy law) due to GA. From 25th May it will be illegal in the entire EU. Though, I haven't read the entire regulation, some basic points we don't meet now [1], [2]: * Ask for user's consent * Anonymizing the IP * Present an easily accesible privacy policy * Provide an opt-out option None of these criteria are met as of today. See also [3]. maven.apache.org points for me to 2001:bc8:2142:300:: which is a French IP address. Any ideas? Is there any special legal dept with the ASF who can take care of and we will implement? The easiest one is to drop it altogether from site.xml. Michael [1] https://www.kloos.de/blog/google-analytics-die-datenschutzgrundverordnung/ [2] https://www.kloos.de/blog/google-analytics-datenschutzkonform-nutzen/ [3] https://issues.apache.org/jira/browse/MSKINS-143 ======================== I do believe that what we do now, regardless ASF top page as well as maven.a.o is illegal in a few days. Can someone react on? Do I need to raise this with LEGAL on JIRA? I am convinced that there are already hords of laywers who have prepared cease and desist letter for those who still don't comply with. Does this has to be raised with https://www.cnil.fr/ since the IP address terminates in France? Regards, Michael --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Craig L Russell Secretary, Apache Software Foundation [email protected] http://db.apache.org/jdo --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
