Hi all,

Sorry for the delay.

# GDPR & XSF 5

At x...@muc.xmpp.org - 2018/04/10 10:30 UTC
Attendees: winfried, Ge0rG, jonasw, pep.


 1. What consequences does the GDPR has for the Jabber network?
 2. .. Jabber server operators?
 3. .. what can/should do the XSF with that?
Q2) What consequences does the GDPR has for the XSF running Jabber
Q3) What consequences does the GDPR has for the work processes of the
itself (membership, voting, wiki etc)?

## Q1
### Q1.1

#### d) Legal ground for processing

Can we send PII via s2s?

(See LQ1 for art 9.1 - sensitive data)

Inside EU: yes, as also subject to GDPR

Outside EU: yes, art. 49.1b
> the transfer is necessary for the performance of a contract between
> the data subject and the controller

Also related, 49.1a: explicit consent.

- user-metadata: consent (49.1b) when user subscribed or somesuch
- user-content: consent (49.1b) when user sends content to wherever

## Misc

Technical TODO:
- Write about default visibility in data policy
  * JID: contacts, chatrooms and their server operators
  * vcard avatar: always visible
  * PEP avatar and other PEP things: most likely to your contacts
    PEP items visibility should be made explicit by the client to the
  * last online timestamp, status message, online status, list of
    online devices: contacts, chatroom participants?

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to