GDPR - what does it mean for us?
luigi.toscano at tiscali.it
Sun Apr 1 15:33:05 UTC 2018
Lydia Pintscher wrote:
> Hey folks,
> As you might have heard new EU privacy regulations are going to come
> into effect on May 25th. I wanted to start this thread to see if there
> is anything we still need to do and to make sure we're all aware of it
> for future activities.
> I found https://blog.varonis.com/gdpr-requirements-list-in-plain-english/
> helpful in understanding what it all means.
> What I am taking away from it for us so far:
> * Don't track without consent unless required by law. Consent needs to
> be asked for in plain understandable language. Collecting data without
> being able to track the person seems ok (and relevant for our
> telemetry efforts).
> * When we're asking for data we need to have a reason for it and we
> need to make it explicit what we're using the data for.
> * People can ask for all the data we have about them and can ask for
> it to be deleted. This means we need to make it less of a pita to do
> this for sysadmin. And we need a list of all the places where we hold
> data. Sysadmin: do you have that already?
> * Penalties for non-compliance are potentially _severe_.
> What's still fuzzy to me:
> * What is considered data in this context? A user profile that the
> user himself created? A machine-generated user profile based on
> actions the user took for advertising etc? A post on a forum? Probably
> all of the above.
I'm not an expert on GDPR, but I see that there is confusion around the
application of erasure to - for example - version control systems.
IANAL and we probably need a lawyer and coordination with other FLOSS
communities, but a quick search shows: