> I agree that exposing sensitive data would be problematic but sharing
> the username does not seem to be something too private. Your full name
> for example also appears in this mailing list or as part of your twitter
> account. So under which circumstances would it be problematic if your
> name would be written to a QGIS project file?
Not a lawyer, but I have an interest in the GDPR. Basically, this
qualifies as "personal information"
(https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/what-is-personal-data/what-is-personal-data/):
“‘personal data’ means any information relating to an identified or
identifiable natural person (‘data subject’); an identifiable natural
person is one who can be identified, directly or indirectly, in
particular by reference to an identifier such as a name, an
identification number, location data, an online identifier or to one or
more factors specific to the physical, physiological, genetic, mental,
economic, cultural or social identity of that natural person”.
Especially as some user names will be the user's actual name. Which means
it falls under the GDPR.
This in turn means there's a whole bunch of other GDPR-related
requirements that have to be met when handling any file that has that
data in:
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/
- and I suppose that also means you have to ensure that anyone who
receives that file is also GDPR compliant and treats the file in
accordance with it. And of course you can't be sharing it randomly with
the public.
*TL;DR: include absolutely no personal data by default anywhere in any
files.*
(And to address Thomas' point: The reason you can do it on mailing lists
is because by posting here we're explicitly consenting to it. It's
understood that that'll happen. 99% of users won't know their username
is in a file that's shared so there's no basis for consent.)
On 2021-03-23 20:05, Thomas B wrote:
Hi Matteo,
can you give an example when exposing the username could be problematic?
As far as I know other common programs like Word, Excel and so on also
add your full name as author to the metadata of every Word or Excel
file you create.
I think this is something very useful if you work with others within
one company. If you send these files to someone else and want to get
rid of these metadata you can delete this metadata information.
I agree that exposing sensitive data would be problematic but sharing
the username does not seem to be something too private. Your full name
for example also appears in this mailing list or as part of your
twitter account. So under which circumstances would it be problematic
if your name would be written to a QGIS project file?
regards,
Thomas
On Tue, 23 March 2021 at 09:01, matteo <[email protected]> wrote:
Hi devs,
in the Italian QGIS Group we had a discussion on privacy "issues"
related to the exposure of some Global Variables, like
"user_full_name",
that is automatically taken from the client.
Maybe some variable should be opt-in rather than opt-out: sharing a
project between different computers/users can expose the user name
without an explicit agreement of the final user.
What is your opinion on this?
Cheers
Matteo
_______________________________________________
QGIS-Developer mailing list
[email protected]
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer