Hi all, Sorry for the delay.
# GDPR & XSF 5 At x...@muc.xmpp.org - 2018/04/10 10:30 UTC Attendees: winfried, Ge0rG, jonasw, pep. https://gdpr-info.eu/ Q1) 1. What consequences does the GDPR has for the Jabber network? 2. .. Jabber server operators? 3. .. what can/should do the XSF with that? Q2) What consequences does the GDPR has for the XSF running Jabber server? Q3) What consequences does the GDPR has for the work processes of the XSF itself (membership, voting, wiki etc)? ## Q1 ### Q1.1 #### d) Legal ground for processing Can we send PII via s2s? (See LQ1 for art 9.1 - sensitive data) Inside EU: yes, as also subject to GDPR Outside EU: yes, art. 49.1b > the transfer is necessary for the performance of a contract between > the data subject and the controller Also related, 49.1a: explicit consent. - user-metadata: consent (49.1b) when user subscribed or somesuch - user-content: consent (49.1b) when user sends content to wherever ## Misc Technical TODO: - Write about default visibility in data policy * JID: contacts, chatrooms and their server operators * vcard avatar: always visible * PEP avatar and other PEP things: most likely to your contacts PEP items visibility should be made explicit by the client to the user * last online timestamp, status message, online status, list of online devices: contacts, chatroom participants?
Description: This is a digitally signed message part