Re: [Operators] GDPR & XSF 3 - Minutes
Also, someone from the Debian community has set up a discussion list here: https://www.earth.li/mailman/listinfo/gdpr-discuss Peter On 4/9/18 11:44 AM, Peter Saint-Andre wrote: > Of interest: > > https://blog.mozilla.org/berlin/en/countdown-to-gdpr/ > > And if you're Berlin, join in person! :-) > > On 4/9/18 6:03 AM, David Banes wrote: >> Re: Ge0rG > I think there is still no clear consensus whether IP addresses >> are PII or not >> >> Yes IP addresses will be PII under GDPR, especially where the end user has a >> fixed IP. >> >> David. >> >> >>> On 7 Apr 2018, at 13:39, Maxime Buquetwrote: >>> >>> # GDPR & XSF 3 >>> >>> Attendees: Anu, Ge0rG, pep., winfried >>> 2018-04-06 13:15CEST - at x...@muc.xmpp.org >>> Date of next: 2018-04-09 10:30CEST >>> >>> Q1) >>> 1. What consequences does the GDPR has for the Jabber network? >>> 2. .. Jabber server operators? >>> 3. .. what can/should do the XSF with that? >>> >>> Q2) What consequences does the GDPR has for the XSF running Jabber server? >>> >>> Q3) What consequences does the GDPR has for the work processes of the XSF >>> itself (membership, voting, wiki etc)? >>> >>> >>> ## Q1 >>> ### Q1.1 >>> What data is being processed >>> S2S: >>> >>> - s2s meta-data (IPs, hostnames, sessions, server logs?) - GDPR probably >>> doesn't apply >>> - user meta-data (presence, subscriptions, message routing) >>> - user content (messages, pubsub, etc.) >>> - MUC history, MUC MAM >>> - Remote components (e.g., roster management) >>> >>> What processing is being done >>> >>> S2S: >>> >>> - s2s meta-data: typically just inside of server logs. r49 probably applies >>> - user meta-data: all transfer requires (implicit) user consent - by >>> joining a >>> MUC or sending a messages to somebody or accepting a subscription >>> - Archiving (MAM, MUC MAM) >>> >>> Also, transfer between parties within/outside the EU being treated >>> separately in the text, we might need to apply different restrictions. >>> >>> >>> LQ from Anu: >>> - What info (presence/server logs) counts as pii and has to be purged when >>> right to be forgotten is involved? >>> winfried > pii is quite well defined >>> Ge0rG > I think there is still no clear consensus whether IP addresses are >>> PII or not >>> >>> >>> -- >>> Maxime “pep” Buquet >> > > signature.asc Description: OpenPGP digital signature
Re: [Operators] GDPR & XSF 3 - Minutes
Of interest: https://blog.mozilla.org/berlin/en/countdown-to-gdpr/ And if you're Berlin, join in person! :-) On 4/9/18 6:03 AM, David Banes wrote: > Re: Ge0rG > I think there is still no clear consensus whether IP addresses > are PII or not > > Yes IP addresses will be PII under GDPR, especially where the end user has a > fixed IP. > > David. > > >> On 7 Apr 2018, at 13:39, Maxime Buquetwrote: >> >> # GDPR & XSF 3 >> >> Attendees: Anu, Ge0rG, pep., winfried >> 2018-04-06 13:15CEST - at x...@muc.xmpp.org >> Date of next: 2018-04-09 10:30CEST >> >> Q1) >> 1. What consequences does the GDPR has for the Jabber network? >> 2. .. Jabber server operators? >> 3. .. what can/should do the XSF with that? >> >> Q2) What consequences does the GDPR has for the XSF running Jabber server? >> >> Q3) What consequences does the GDPR has for the work processes of the XSF >> itself (membership, voting, wiki etc)? >> >> >> ## Q1 >> ### Q1.1 >> What data is being processed >> S2S: >> >> - s2s meta-data (IPs, hostnames, sessions, server logs?) - GDPR probably >> doesn't apply >> - user meta-data (presence, subscriptions, message routing) >> - user content (messages, pubsub, etc.) >> - MUC history, MUC MAM >> - Remote components (e.g., roster management) >> >> What processing is being done >> >> S2S: >> >> - s2s meta-data: typically just inside of server logs. r49 probably applies >> - user meta-data: all transfer requires (implicit) user consent - by joining >> a >> MUC or sending a messages to somebody or accepting a subscription >> - Archiving (MAM, MUC MAM) >> >> Also, transfer between parties within/outside the EU being treated >> separately in the text, we might need to apply different restrictions. >> >> >> LQ from Anu: >> - What info (presence/server logs) counts as pii and has to be purged when >> right to be forgotten is involved? >> winfried > pii is quite well defined >> Ge0rG > I think there is still no clear consensus whether IP addresses are >> PII or not >> >> >> -- >> Maxime “pep” Buquet > signature.asc Description: OpenPGP digital signature
Re: [Operators] GDPR & XSF 3 - Minutes
Re: Ge0rG > I think there is still no clear consensus whether IP addresses are PII or not Yes IP addresses will be PII under GDPR, especially where the end user has a fixed IP. David. > On 7 Apr 2018, at 13:39, Maxime Buquetwrote: > > # GDPR & XSF 3 > > Attendees: Anu, Ge0rG, pep., winfried > 2018-04-06 13:15CEST - at x...@muc.xmpp.org > Date of next: 2018-04-09 10:30CEST > > Q1) > 1. What consequences does the GDPR has for the Jabber network? > 2. .. Jabber server operators? > 3. .. what can/should do the XSF with that? > > Q2) What consequences does the GDPR has for the XSF running Jabber server? > > Q3) What consequences does the GDPR has for the work processes of the XSF > itself (membership, voting, wiki etc)? > > > ## Q1 > ### Q1.1 > What data is being processed > S2S: > > - s2s meta-data (IPs, hostnames, sessions, server logs?) - GDPR probably > doesn't apply > - user meta-data (presence, subscriptions, message routing) > - user content (messages, pubsub, etc.) > - MUC history, MUC MAM > - Remote components (e.g., roster management) > > What processing is being done > > S2S: > > - s2s meta-data: typically just inside of server logs. r49 probably applies > - user meta-data: all transfer requires (implicit) user consent - by joining a > MUC or sending a messages to somebody or accepting a subscription > - Archiving (MAM, MUC MAM) > > Also, transfer between parties within/outside the EU being treated separately > in the text, we might need to apply different restrictions. > > > LQ from Anu: > - What info (presence/server logs) counts as pii and has to be purged when > right to be forgotten is involved? > winfried > pii is quite well defined > Ge0rG > I think there is still no clear consensus whether IP addresses are > PII or not > > > -- > Maxime “pep” Buquet