On 13/04/18 14:03, Jonathan McDowell wrote:
On Fri, Apr 13, 2018 at 01:07:21PM +0200, Daniel Stone wrote:
We've been looking into GDPR compliance for fd.o, which has been ... fun.
Yeah. I've been involved with looking at it for Debian. Fun isn't the word I'd use; I've ended up with a lot of questions and no real answers at this stage.
The biggest stumbling block for us is probably Bugzilla and Mailman. Deleting messages and profiles from those just isn't practical for us, especially at any kind of scale. We could write a script to censor those, but once it has been posted to either, then it's all over the public internet anyway.
We don't control distribution once messages hit Mailman - it's forwarded raw to a potentially unlimited distribution list - and deleting messages from Mailman is also a manual nightmare. Rebuilding the archives is out since it breaks URLs. Hand-editing it all sucks beyond belief. And then people have quoted it in replies anyway ...
Does anyone know if there's some kind of GDPR 'out' for, 'by posting here you agree that everything is going to be made public, so as there's nothing we can do about its distribution, it's not useful or practical for us to undo that'? And are there any kind of credible Bugzilla/Mailman deletion tools?
For posting and distributing I think the "You posted to a list, therefore it's going to be sent out to anyone on the list" is reasonable
- it's a point in time thing, it's the way lists work and there's no
retention.
I agree; I don't think anything needs to change because the user takes a "clear affirmative action" to subscribe:
GDPR Rec.32; Art.4(11)
"The consent of the data subject" means any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed.
But I think it needs to be stated that any emails they send to the list can and likely will be retained by every other subscriber, and that there is also a public archive of those emails kept which is an essential part of the service (to retain historic technical and other data about the topic in the community/public interest).
The subscriber should also be reminded that other services (search engines, public and private archives) may well make copies which the data controller has no (contractual) relationship with.
The primary requirement from the point of view of the data controller/processor is having an efficient automated way to receive and handle deletion requests - bugzilla to track bugzilla anyone?!
In summary, it needs 'small print' and sensible interpretation.