*** Pali has quit IRC | 00:10 | |
*** xes has quit IRC | 01:56 | |
*** xes has joined #maemo-meeting | 02:01 | |
*** eLtMosen has quit IRC | 02:13 | |
*** Pali has joined #maemo-meeting | 09:53 | |
*** Pali has quit IRC | 10:03 | |
*** eLtMosen has joined #maemo-meeting | 11:17 | |
*** jskarvad has joined #maemo-meeting | 12:04 | |
*** jskarvad is now known as jskarvad_eng | 12:04 | |
*** eLtMosen has quit IRC | 12:26 | |
*** jskarvad_eng is now known as jskarvad | 13:30 | |
*** eLtMosen has joined #maemo-meeting | 13:40 | |
*** eLtMosen has joined #maemo-meeting | 13:40 | |
*** povbot has joined #maemo-meeting | 17:40 | |
*** eLtMosen has quit IRC | 18:41 | |
*** Pali has joined #maemo-meeting | 18:53 | |
*** eLtMosen has joined #maemo-meeting | 19:15 | |
eLtMosen | evening guys! so this happy GDPR theme reached our shores as alerted by juiceme | 21:23 |
---|---|---|
eLtMosen | I translated some of the bits i gathered from a german generator and put them here https://piratenpad.de/p/maemo-gdpr | 21:23 |
*** jskarvad has quit IRC | 21:54 | |
eekkelund | Evening! Nice reminder that also we have to act :) | 22:03 |
eLtMosen | it fell all over me also at work :/ i am only half finished but hope we can get our special act together fast this evening | 22:08 |
juiceme | hiya guys! | 22:22 |
juiceme | eLtMosen o/ | 22:22 |
juiceme | eekkelund o/ | 22:22 |
juiceme | let's try to patch up something for the 25'th | 22:23 |
eLtMosen | Yay! i started some rough translation from a german generator https://piratenpad.de/p/maemo-gdpr | 22:23 |
juiceme | now I was thnkng we probably need to stick up the notice on front page of TMO, Maemo ang Garage but probably don't need to spam everyone, right? | 22:24 |
juiceme | , thx | 22:24 |
eLtMosen | but all the references to articles refer to GSDVO | 22:24 |
eLtMosen | don't now if it is the same as GDPR | 22:24 |
juiceme | I'll check if it's similar | 22:25 |
juiceme | I have fairly good view of what we need | 22:25 |
eLtMosen | i hope its just differnt naming for the same | 22:25 |
eLtMosen | DSGVO^ sry | 22:26 |
juiceme | I was collecting the data types we eep per user and it turns out there's plenty :) | 22:26 |
eLtMosen | ah ok, it is Die Datenschutz-Grundverordnung (DSGVO) also called General Data Protection Regulation (GDPR) | 22:27 |
juiceme | good. | 22:29 |
juiceme | GDPR is not a directive but EU law, which means it is the same in all EU countries, not adapted to local legislation | 22:30 |
eLtMosen | i checked both side by side Art. 6 Para. 1 lit. b. DSGVO is Lawfulness of processing / Rechtmäßigkeit der Verarbeitung so it is equal | 22:30 |
juiceme | which makes it easier to understand :) | 22:30 |
eLtMosen | so the general stuff i copied into the pirate stuff should apply | 22:30 |
eLtMosen | lol pirate pad | 22:31 |
juiceme | yeah! | 22:31 |
eLtMosen | added a hugh chunk to "what we collect" regarding the registration funktion | 22:38 |
eLtMosen | it also states that we need to inform users about gdpr when they register | 22:38 |
sicelo | hi all. good move re:gdpr | 22:39 |
eLtMosen | dear greatings sicelo! | 22:40 |
eLtMosen | it is double edged... good to prevent the miss use of data by big players, but mostly pita for small site maintainers | 22:41 |
sicelo | i can imagine. | 22:43 |
* sicelo is not in EU | 22:43 | |
eLtMosen | next hugh chunk on "user content / contributions" | 22:43 |
juiceme | sicelo, o/ | 22:47 |
juiceme | sicelo, even though you're not in EU oursystems are and need to comply with EU law :) | 22:47 |
sicelo | yeah :p | 22:47 |
sicelo | that's why it's really good that something is happening in that regard | 22:48 |
juiceme | lately I have been getting tons of emails from all services I ever registered to, with GDPR info | 22:48 |
eLtMosen | juiceme, do you know if we need a "Data processing contract" with our hoster?? | 22:49 |
eLtMosen | i needed to do a special gdpr contraxt with my hoster. they supplied a form i filled out. | 22:49 |
eLtMosen | but that might be because i am doing commercial things | 22:50 |
eLtMosen | Also, i needed an action plan to detect and prevent data breach | 22:51 |
juiceme | eLtMosen what's in a "Data processing contract"? we did not need one for our company association | 22:55 |
juiceme | as I understand it all boils down to if it is commercial/exploitable | 22:56 |
eLtMosen | direct translation is | 22:56 |
eLtMosen | Contract for order processing according to Art. 28 DSGVO | 22:56 |
juiceme | What I think is wondrful is that our data is on our own HW, on the blades that we own at the provider's facility | 22:56 |
eLtMosen | We forward our userdate to them by storing them on their system | 22:57 |
juiceme | I tink that saves shitload for us | 22:57 |
eLtMosen | ah ok, self hosted | 22:57 |
juiceme | our "provider" only provides electicity and network connectivity | 22:57 |
eLtMosen | i forgot. nice | 22:57 |
juiceme | and AFAIK has no possibility to log into our blades on the hypervisor level | 22:58 |
juiceme | it's just great | 22:58 |
juiceme | otherwice, I'd say we would need a *lot* of forms to fill etc. | 22:58 |
eLtMosen | so the hosting part i copied applies! It states "we or our hosting companie..." | 22:59 |
juiceme | yikes, the "person" table og TMO midgard has 55 rows! | 22:59 |
juiceme | plus all the other crosslinked tables! | 22:59 |
juiceme | 154 of them, precisely! | 22:59 |
eekkelund | juiceme: what info maemo.org collects? 55rows? | 23:00 |
juiceme | well check your "settings" page on TMO | 23:00 |
eLtMosen | No problem, we can argue we need all for "Provision of our statutory and business services" lol | 23:00 |
eekkelund | ah true | 23:00 |
juiceme | and all the metadata, how many posts, thanks, given thanks, last accessytime, when account was created... | 23:01 |
eLtMosen | is part of how the site works.. | 23:01 |
eLtMosen | Provision of our statutory and business services | 23:01 |
eLtMosen | Only we need to make sure user can opt out Forever | 23:01 |
juiceme | To enumerate all the relevant data takes a while I guess | 23:01 |
eLtMosen | no need to | 23:02 |
juiceme | yes the forever-bit is a bit worriesome | 23:02 |
juiceme | also the part on user being eligible to receive all the stored info on request | 23:02 |
juiceme | a database dump of moderate size :) :) | 23:03 |
eLtMosen | only needs to be machine readable.lol | 23:03 |
juiceme | lucky there is time to process the request, if somebody wants it it need not be available immediately | 23:03 |
eLtMosen | jepp | 23:03 |
eLtMosen | are you capable to do so? | 23:04 |
juiceme | well GDPR mandates all data need to be transferrable; hence just a binary dump is a no-go, need to be some strutured format | 23:04 |
juiceme | well I think it's doable; SQL dump from the database selected by the user ID | 23:05 |
eekkelund | who else can do that than you? | 23:06 |
juiceme | that'd include all the personal datals plus all generated content; for example in my case the 4300 postings I have ever made on TMO plus the mailbox content and so on | 23:06 |
juiceme | eekkelund, I hope you could look into it :) | 23:07 |
eekkelund | oh okay :D | 23:08 |
juiceme | arrgh, I forgot the wiki, that's 5:th system | 23:08 |
eLtMosen | Juice, all the systems belong into the "who we are" 1st topic. we also need to give maemo ev adressthere | 23:09 |
juiceme | yes | 23:10 |
juiceme | I think it still is not changed, eV address is the same as mentioned in wiki | 23:11 |
eLtMosen | are you sure we need to specifiy the individual type per platform? i guess all the hugh chunks of text do catch that all already | 23:11 |
sicelo | looks like there's a lot of work involved in this! | 23:11 |
juiceme | eLtMosen, we don't need to do that, I'm just listing all so we can see we are not missing anything. However in the end we can just list all we have without specifying the different systems | 23:13 |
eLtMosen | got it | 23:13 |
juiceme | sicelo indeed it is... and I think we are not even the slowest to do it; I bet some copmanies/associations have still more to do than we have :) | 23:13 |
juiceme | but as we used to say in college, there are always 24h in tha last day before an assignment has due date :) | 23:14 |
*** Pali has quit IRC | 23:14 | |
*** Pali has joined #maemo-meeting | 23:15 | |
sicelo | does this have a due date? | 23:15 |
sicelo | oh i see ... 25th May? | 23:17 |
eLtMosen | right | 23:18 |
eLtMosen | i once got an admonition from state for misswording something in my "recall" declaration. they wanted 5000€, i negotiated them down to 500 :/ better prevent that i get food for admonition sharks again | 23:19 |
sicelo | :) | 23:20 |
juiceme | huh, how was that? | 23:22 |
juiceme | ah by "recall declaration" you mean tax returns? | 23:23 |
juiceme | that's always a red flag for governments :) | 23:23 |
eLtMosen | no, just an information i had to issue to my customers regarding product return | 23:24 |
eLtMosen | not recall but return i meant | 23:25 |
eLtMosen | i only issue Vouchers and had no return in 10 years... but pais 500€ for misleading my customers how to do it :/ | 23:26 |
juiceme | huh, how come they give you a fine on that? | 23:26 |
juiceme | ah yes I see, the information was incorrect and you were slapped for that! | 23:26 |
eLtMosen | there a specialized lawyers in germany that make a living by checking your hompage for complience with all rules and make a case against you if they find the slightest mistake... welcome to germany | 23:27 |
eekkelund | eLtMosen: wow... | 23:28 |
juiceme | but that stands to reason we need to provide the GDPR data as comprehensively as we can; otherwice there might be consequences. Altough, as we are not commercial I suspect there will not be large fines | 23:28 |
eLtMosen | yes, but the text blocks i copied are quite save | 23:29 |
juiceme | and I would not want to see an attorney try to knock down our door to shake some money out of us | 23:29 |
juiceme | yes | 23:29 |
eLtMosen | I took it from a special site where an attorney has a generator for non profit and private persons | 23:30 |
juiceme | yes I think too that is the right way to do it | 23:31 |
eLtMosen | i have not found a proper wording for the last three topics you listed | 23:31 |
eLtMosen | rho | 23:32 |
eLtMosen | though | 23:32 |
eLtMosen | also, could you point me to the mcev adress? i am blind and do not find since 5 minutes | 23:32 |
juiceme | http://wiki.maemo.org/MaemoCommunity_eV | 23:33 |
juiceme | ah indeed it says "Full address is provided in the application form" | 23:33 |
juiceme | http://wiki.maemo.org/images/a/a1/MCeV_ApplicationForm.pdf | 23:34 |
juiceme | eLtMosen ^^^ | 23:35 |
eLtMosen | jepp | 23:35 |
eLtMosen | i remember | 23:35 |
Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!