[gdpr-discuss] [article] GDPR: Biggest pain points, now and later

[Daniel Stone]

Hi Winfried,

On 17 May 2018 at 00:34, Winfried Tilanus <winfried at tilanus.com> wrote:
> Maybe it is better to elaborate what issues you do see.
>
> To be honest, I don't think the GDPR is such a burden, certainly not for OS
> projects.

I disagree.

You're right below, that the GDPR encodes good principles, and those
who have been conscientiously following best practice for privacy will
not have an issue.

However, it's well documented on this list what the issues are. Many
of the tools used in open-source development have distributed PII far
and wide, and do not have good mechanisms to deal with it. Scrubbing
Bugzilla is difficult. Mailman requires a massive amount of text
parsing, as it distributes PII through the headers as well as mail
bodies: stripping information from there involves scraping through
files in three formats, decoding MIME, and even then basic tools like
grep are insufficient, because the PII might be split across line
breaks with quote marks in between.

No-one has yet come up with a solution for GIt, which is fundamentally
intractable.

Many of these platforms (including mine - freedesktop.org) have
historically been understaffed on the admin and tooling side.

So yes, if we had all been doing a much better job then there would be
no problem. But that's plainly not the case today; if there was no
problem, then there would be no need for this list.

Sweeping 'there is no burden' statements do not help those of us
tasked with the burden of picking up the pieces (many of us doing so
in our own spare time). I joined the list in the hope of practical
advice and solutions to the very real problems myself and others face;
if it's just to be lectured at by people in a far less bad position,
then the list is of no value to me.

Cheers,
Daniel