Re: [Operators] GDPR & XSF 3 - Minutes

2018-04-12 Thread Peter Saint-Andre 
Also, someone from the Debian community has set up a discussion list here:

https://www.earth.li/mailman/listinfo/gdpr-discuss

Peter

On 4/9/18 11:44 AM, Peter Saint-Andre wrote:
> Of interest:
> 
> https://blog.mozilla.org/berlin/en/countdown-to-gdpr/
> 
> And if you're Berlin, join in person! :-)
> 
> On 4/9/18 6:03 AM, David Banes wrote:
>> Re:  Ge0rG > I think there is still no clear consensus whether IP addresses 
>> are PII or not
>>
>> Yes IP addresses will be PII under GDPR, especially where the end user has a 
>> fixed IP.
>>
>> David.
>>
>>
>>> On 7 Apr 2018, at 13:39, Maxime Buquet  wrote:
>>>
>>> # GDPR & XSF 3
>>>
>>> Attendees: Anu, Ge0rG, pep., winfried
>>> 2018-04-06 13:15CEST - at x...@muc.xmpp.org
>>> Date of next: 2018-04-09 10:30CEST
>>>
>>> Q1)
>>> 1. What consequences does the GDPR has for the Jabber network?
>>> 2. .. Jabber server operators?
>>> 3. .. what can/should do the XSF with that?
>>>
>>> Q2) What consequences does the GDPR has for the XSF running Jabber server?
>>>
>>> Q3) What consequences does the GDPR has for the work processes of the XSF
>>> itself (membership, voting, wiki etc)?
>>>
>>>
>>> ## Q1
>>> ### Q1.1
>>>  What data is being processed
>>> S2S:
>>>
>>> - s2s meta-data (IPs, hostnames, sessions, server logs?) - GDPR probably 
>>> doesn't apply
>>> - user meta-data (presence, subscriptions, message routing)
>>> - user content (messages, pubsub, etc.)
>>> - MUC history, MUC MAM
>>> - Remote components (e.g., roster management)
>>>
>>>  What processing is being done
>>>
>>> S2S:
>>>
>>> - s2s meta-data: typically just inside of server logs. r49 probably applies
>>> - user meta-data: all transfer requires (implicit) user consent - by 
>>> joining a
>>>  MUC or sending a messages to somebody or accepting a subscription
>>> - Archiving (MAM, MUC MAM)
>>>
>>> Also, transfer between parties within/outside the EU being treated 
>>> separately in the text, we might need to apply different restrictions.
>>>
>>>
>>> LQ from Anu:
>>> - What info (presence/server logs) counts as pii and has to be purged when 
>>> right to be forgotten is involved?
>>>  winfried > pii is quite well defined
>>>  Ge0rG > I think there is still no clear consensus whether IP addresses are 
>>> PII or not
>>>
>>>
>>> -- 
>>> Maxime “pep” Buquet
>>
> 
> 




signature.asc
Description: OpenPGP digital signature

Re: [Operators] GDPR & XSF 3 - Minutes

2018-04-09 Thread Peter Saint-Andre 
Of interest:

https://blog.mozilla.org/berlin/en/countdown-to-gdpr/

And if you're Berlin, join in person! :-)

On 4/9/18 6:03 AM, David Banes wrote:
> Re:  Ge0rG > I think there is still no clear consensus whether IP addresses 
> are PII or not
> 
> Yes IP addresses will be PII under GDPR, especially where the end user has a 
> fixed IP.
> 
> David.
> 
> 
>> On 7 Apr 2018, at 13:39, Maxime Buquet  wrote:
>>
>> # GDPR & XSF 3
>>
>> Attendees: Anu, Ge0rG, pep., winfried
>> 2018-04-06 13:15CEST - at x...@muc.xmpp.org
>> Date of next: 2018-04-09 10:30CEST
>>
>> Q1)
>> 1. What consequences does the GDPR has for the Jabber network?
>> 2. .. Jabber server operators?
>> 3. .. what can/should do the XSF with that?
>>
>> Q2) What consequences does the GDPR has for the XSF running Jabber server?
>>
>> Q3) What consequences does the GDPR has for the work processes of the XSF
>> itself (membership, voting, wiki etc)?
>>
>>
>> ## Q1
>> ### Q1.1
>>  What data is being processed
>> S2S:
>>
>> - s2s meta-data (IPs, hostnames, sessions, server logs?) - GDPR probably 
>> doesn't apply
>> - user meta-data (presence, subscriptions, message routing)
>> - user content (messages, pubsub, etc.)
>> - MUC history, MUC MAM
>> - Remote components (e.g., roster management)
>>
>>  What processing is being done
>>
>> S2S:
>>
>> - s2s meta-data: typically just inside of server logs. r49 probably applies
>> - user meta-data: all transfer requires (implicit) user consent - by joining 
>> a
>>  MUC or sending a messages to somebody or accepting a subscription
>> - Archiving (MAM, MUC MAM)
>>
>> Also, transfer between parties within/outside the EU being treated 
>> separately in the text, we might need to apply different restrictions.
>>
>>
>> LQ from Anu:
>> - What info (presence/server logs) counts as pii and has to be purged when 
>> right to be forgotten is involved?
>>  winfried > pii is quite well defined
>>  Ge0rG > I think there is still no clear consensus whether IP addresses are 
>> PII or not
>>
>>
>> -- 
>> Maxime “pep” Buquet
> 




signature.asc
Description: OpenPGP digital signature

Re: [Operators] GDPR & XSF 3 - Minutes

2018-04-09 Thread David Banes 
Re:  Ge0rG > I think there is still no clear consensus whether IP addresses are 
PII or not

Yes IP addresses will be PII under GDPR, especially where the end user has a 
fixed IP.

David.


> On 7 Apr 2018, at 13:39, Maxime Buquet  wrote:
> 
> # GDPR & XSF 3
> 
> Attendees: Anu, Ge0rG, pep., winfried
> 2018-04-06 13:15CEST - at x...@muc.xmpp.org
> Date of next: 2018-04-09 10:30CEST
> 
> Q1)
> 1. What consequences does the GDPR has for the Jabber network?
> 2. .. Jabber server operators?
> 3. .. what can/should do the XSF with that?
> 
> Q2) What consequences does the GDPR has for the XSF running Jabber server?
> 
> Q3) What consequences does the GDPR has for the work processes of the XSF
> itself (membership, voting, wiki etc)?
> 
> 
> ## Q1
> ### Q1.1
>  What data is being processed
> S2S:
> 
> - s2s meta-data (IPs, hostnames, sessions, server logs?) - GDPR probably 
> doesn't apply
> - user meta-data (presence, subscriptions, message routing)
> - user content (messages, pubsub, etc.)
> - MUC history, MUC MAM
> - Remote components (e.g., roster management)
> 
>  What processing is being done
> 
> S2S:
> 
> - s2s meta-data: typically just inside of server logs. r49 probably applies
> - user meta-data: all transfer requires (implicit) user consent - by joining a
>  MUC or sending a messages to somebody or accepting a subscription
> - Archiving (MAM, MUC MAM)
> 
> Also, transfer between parties within/outside the EU being treated separately 
> in the text, we might need to apply different restrictions.
> 
> 
> LQ from Anu:
> - What info (presence/server logs) counts as pii and has to be purged when 
> right to be forgotten is involved?
>  winfried > pii is quite well defined
>  Ge0rG > I think there is still no clear consensus whether IP addresses are 
> PII or not
> 
> 
> -- 
> Maxime “pep” Buquet