[gdpr-discuss] Git and the Right for Rectification

Karen Reilly akareilly at gmail.com
Mon May 21 21:31:26 BST 2018 

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-rectification/

In the case of git, the data (email addresses) were accurate at the time.
It may also reflect an organization member’s code contributions -
historical data that one has a reason for tracking (OpenStack does this).

The legitimate interest for processing is still relevant in later articles
- data subject requests are influenced by whether the legitimate interest
still holds.

If coder Ms.Foo used a company email to contribute, then changed email
addresses, a correct email address for future contributions may suffice.

Cheers,
   K. Reilly

On Mon 21. May 2018 at 22:13, <gdpr at sheogorath.shivering-isles.com> wrote:

> On 05/21/2018 06:22 PM, Jonas Wielicki wrote:
> > On Montag, 21. Mai 2018 17:57:42 CEST Winfried Tilanus wrote:
> >> Git has the pressing need of
> >> maintaining code integrity and traceability. The final decision will be
> >> up to a judge, but my bets are on the need of maintaining the code.
> >> Something similar will be the case with Bugzilla.
> >
> > So I was wondering about Git and the Right for Rectification. In
> contrast to
> > the Right to be Forgotten, the Right for Rectification, does not have any
> > exceptions I am aware of.
> >
> > Now what if somebody commits code to a Git repository (so the commit
> includes
> > their name and email address) and they change for example email
> addresses. In
> > that case, from my understanding, the Right for Rectification would
> trigger
> > and the controller of the Git repository may be forced to rectify the
> > information.
> >
> > This would require re-writing all history since that commit, which is
> a huge
> > issue.
> >
> > One argument against that which I heard that:
> >
> > - The email address was valid at the time the commit was made and is
> thus an
> > accurate representation of the history at the time the commit was made
> (which
> > is timestamped) and thus doesn’t need to be rectified.
> >
> > - It is expected that the user would provide accurate information and
> if they,
> > for example, have a typo in e.g. their name in the commit metadata, it
> is kind
> > of their fault and this does not need to be corrected.
> >
>
> Well, whose fault is is doesn't really matter to the GDPR.
>
> But no matter what, for git repositories, the solution is as easy as
> old: mailmaps.
>
> If someone wants to correct their mail address, just add a .mailmap file.
>
> For details check: https://www.git-scm.com/docs/git-check-mailmap
>
> I think this should be enough on top of HEAD
>
>
> --
> Signed
> Sheogorath
>
> _______________________________________________
> gdpr-discuss mailing list
> gdpr-discuss at earth.li
> https://www.earth.li/mailman/listinfo/gdpr-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.earth.li/pipermail/gdpr-discuss/attachments/20180521/203a1679/attachment.html>

More information about the gdpr-discuss mailing list