# GDPR & XSF 3

Attendees: Anu, Ge0rG, pep., winfried
2018-04-06 13:15CEST - at x...@muc.xmpp.org
Date of next: 2018-04-09 10:30CEST

Q1)
 1. What consequences does the GDPR have for the Jabber network?
 2. .. Jabber server operators?
 3. .. what can/should the XSF do with that?

Q2) What consequences does the GDPR have for the XSF running Jabber server?

Q3) What consequences does the GDPR have for the work processes of the XSF
itself (membership, voting, wiki etc)?


## Q1
### Q1.1
#### What data is being processed
S2S:

- s2s meta-data (IPs, hostnames, sessions, server logs?) - GDPR probably
  doesn't apply
- user meta-data (presence, subscriptions, message routing)
- user content (messages, pubsub, etc.)
- MUC history, MUC MAM
- Remote components (e.g., roster management)

#### What processing is being done

S2S:

- s2s meta-data: typically just inside of server logs. r49 probably applies
- user meta-data: all transfer requires (implicit) user consent - by joining a
  MUC or sending a message to somebody or accepting a subscription
- Archiving (MAM, MUC MAM)

Also, since transfer between parties within/outside the EU is treated
separately in the text, we might need to apply different restrictions.


LQ from Anu:
- What info (presence/server logs) counts as PII and has to be purged when
  right to be forgotten is involved?
  winfried > PII is quite well defined
  Ge0rG > I think there is still no clear consensus whether IP addresses are
  PII or not


-- 
Maxime “pep” Buquet
