# GDPR & XSF 13

At x...@muc.xmpp.org - 2018/05/15 10:30 UTC
Attendees: winfried, Ge0rG, jonasw, pep.

Date of Next: 2018/05/18 11:30 UTC


 1. What consequences does the GDPR has for the Jabber network?
 2. .. Jabber server operators?
 3. .. what can/should do the XSF with that?
Q2) What consequences does the GDPR has for the XSF running Jabber server?
Q3) What consequences does the GDPR has for the work processes of the XSF
itself (membership, voting, wiki etc)?

## Q1
### Q1.2

> Questions regarding data deletion (and probably export):
> > jonasw> do we need to add deletion to the protocol for sure? AFAIK it would
> >   be sufficient to have a way for operators to conveniently delete data.
> > pep.> jonasw, as a first step maybe. On "big" deployments, handling that
> >   might be demanding?
> > jonasw> problem is, how to find all your data scattered across all different
> >   services?
> > pep.> do we have to handle that?
> > jonasw> dunno
> > Ge0rG> interesting point
> > Ge0rG> the same for pubsub
> > jonasw> my understanding would be that each domain is its own operator and
> >   you'd have to ask them for you data

> winfried> from a legal perspective, the data is transferred and not "our"
>   responsability anymore.

[needs clarification about who is controller who isn't, and when consent is
implied for publishing on remote services] To Be Added to the wiki.

Winfried sent a chart to be used as a guide for operators, sent to members@ in
minutes 10[0]
Comments from others:
- Mention offline storage alongside MAM?
- Step 5 might be "require consent for processing beyond the XSF template"

Request from Ge0rG for next meeting, (seealso [1]):
- Cloud-notify / Push servers

[0]: https://mail.jabber.org/pipermail/members/2018-May/008845.html
[1]: https://monal.im/blog/gdpr-removing-monal-from-the-eu/

Maxime “pep” Buquet

Attachment: signature.asc
Description: PGP signature

Reply via email to