# GDPR & XSF 3

Attendees: Anu, Ge0rG, pep., winfried
2018-04-06 13:15CEST - at x...@muc.xmpp.org
Date of next: 2018-04-09 10:30CEST

 1. What consequences does the GDPR has for the Jabber network?
 2. .. Jabber server operators?
 3. .. what can/should do the XSF with that?

Q2) What consequences does the GDPR has for the XSF running Jabber server?

Q3) What consequences does the GDPR has for the work processes of the XSF
itself (membership, voting, wiki etc)?

## Q1
### Q1.1
#### What data is being processed

- s2s meta-data (IPs, hostnames, sessions, server logs?) - GDPR probably 
doesn't apply
- user meta-data (presence, subscriptions, message routing)
- user content (messages, pubsub, etc.)
- MUC history, MUC MAM
- Remote components (e.g., roster management)

#### What processing is being done


- s2s meta-data: typically just inside of server logs. r49 probably applies
- user meta-data: all transfer requires (implicit) user consent - by joining a
  MUC or sending a messages to somebody or accepting a subscription
- Archiving (MAM, MUC MAM)

Also, transfer between parties within/outside the EU being treated separately 
in the text, we might need to apply different restrictions.

LQ from Anu:
- What info (presence/server logs) counts as pii and has to be purged when 
right to be forgotten is involved?
  winfried > pii is quite well defined
  Ge0rG > I think there is still no clear consensus whether IP addresses are 
PII or not

Maxime “pep” Buquet

Attachment: signature.asc
Description: PGP signature

Reply via email to