IRC log of #maemo-meeting for Tuesday, 2018-05-22

[21:23] eLtMosen: evening guys! so this happy GDPR theme reached our shores as alerted by juiceme
[21:23] eLtMosen: I translated some of the bits i gathered from a german generator and put them here https://piratenpad.de/p/maemo-gdpr
[22:03] eekkelund: Evening! Nice reminder that also we have to act :)
[22:08] eLtMosen: it fell all over me also at work :/ i am only half finished but hope we can get our special act together fast this evening
[22:22] juiceme: hiya guys!
[22:22] juiceme: eLtMosen o/
[22:22] juiceme: eekkelund o/
[22:23] juiceme: let's try to patch up something for the 25th
[22:23] eLtMosen: Yay! i started some rough translation from a german generator https://piratenpad.de/p/maemo-gdpr
[22:24] juiceme: now I was thinking we probably need to stick up the notice on front page of TMO, Maemo and Garage but probably don't need to spam everyone, right?
[22:24] juiceme, thx
[22:24] eLtMosen: but all the references to articles refer to GSDVO
[22:24] eLtMosen: don't know if it is the same as GDPR
[22:25] juiceme: I'll check if it's similar
[22:25] juiceme: I have fairly good view of what we need
[22:25] eLtMosen: i hope it's just different naming for the same
[22:26] eLtMosen: DSGVO^ sry
[22:26] juiceme: I was collecting the data types we keep per user and it turns out there's plenty :)
[22:27] eLtMosen: ah ok, it is Die Datenschutz-Grundverordnung (DSGVO) also called General Data Protection Regulation (GDPR)
[22:29] juiceme: good.
[22:30] juiceme: GDPR is not a directive but EU law, which means it is the same in all EU countries, not adapted to local legislation
[22:30] eLtMosen: i checked both side by side Art. 6 Para. 1 lit. b. DSGVO is Lawfulness of processing / Rechtmäßigkeit der Verarbeitung so it is equal
[22:30] juiceme: which makes it easier to understand :)
[22:30] eLtMosen: so the general stuff i copied into the pirate stuff should apply
[22:31] eLtMosen: lol pirate pad
[22:31] juiceme: yeah!
[22:38] eLtMosen: added a huge chunk to "what we collect" regarding the registration function
[22:38] eLtMosen: it also states that we need to inform users about gdpr when they register
[22:39] sicelo: hi all. good move re:gdpr
[22:40] eLtMosen: dear greetings sicelo!
[22:41] eLtMosen: it is double edged... good to prevent the misuse of data by big players, but mostly pita for small site maintainers
[22:43] sicelo: i can imagine.
[22:43] * sicelo is not in EU
[22:43] eLtMosen: next huge chunk on "user content / contributions"
[22:47] juiceme: sicelo, o/
[22:47] juiceme: sicelo, even though you're not in EU our systems are and need to comply with EU law :)
[22:47] sicelo: yeah :p
[22:48] sicelo: that's why it's really good that something is happening in that regard
[22:48] juiceme: lately I have been getting tons of emails from all services I ever registered to, with GDPR info
[22:49] eLtMosen: juiceme, do you know if we need a "Data processing contract" with our hoster??
[22:49] eLtMosen: i needed to do a special gdpr contract with my hoster. they supplied a form i filled out.
[22:50] eLtMosen: but that might be because i am doing commercial things
[22:51] eLtMosen: Also, i needed an action plan to detect and prevent data breach
[22:55] juiceme: eLtMosen what's in a "Data processing contract"? we did not need one for our company association
[22:56] juiceme: as I understand it all boils down to if it is commercial/exploitable
[22:56] eLtMosen: direct translation is
[22:56] eLtMosen: Contract for order processing according to Art. 28 DSGVO
[22:56] juiceme: What I think is wonderful is that our data is on our own HW, on the blades that we own at the provider's facility
[22:57] eLtMosen: We forward our user data to them by storing them on their system
[22:57] juiceme: I think that saves shitload for us
[22:57] eLtMosen: ah ok, self hosted
[22:57] juiceme: our "provider" only provides electricity and network connectivity
[22:57] eLtMosen: i forgot. nice
[22:58] juiceme: and AFAIK has no possibility to log into our blades on the hypervisor level
[22:58] juiceme: it's just great
[22:58] juiceme: otherwise, I'd say we would need a *lot* of forms to fill etc.
[22:59] eLtMosen: so the hosting part i copied applies! It states "we or our hosting company..."
[22:59] juiceme: yikes, the "person" table of TMO midgard has 55 rows!
[22:59] juiceme: plus all the other crosslinked tables!
[22:59] juiceme: 154 of them, precisely!
[23:00] eekkelund: juiceme: what info maemo.org collects? 55 rows?
[23:00] juiceme: well check your "settings" page on TMO
[23:00] eLtMosen: No problem, we can argue we need all for "Provision of our statutory and business services" lol
[23:00] eekkelund: ah true
[23:01] juiceme: and all the metadata, how many posts, thanks, given thanks, last access time, when account was created...
[23:01] eLtMosen: is part of how the site works..
[23:01] eLtMosen: Provision of our statutory and business services
[23:01] eLtMosen: Only we need to make sure user can opt out Forever
[23:01] juiceme: To enumerate all the relevant data takes a while I guess
[23:02] eLtMosen: no need to
[23:02] juiceme: yes the forever-bit is a bit worrisome
[23:02] juiceme: also the part on user being eligible to receive all the stored info on request
[23:03] juiceme: a database dump of moderate size :) :)
[23:03] eLtMosen: only needs to be machine readable. lol
[23:03] juiceme: lucky there is time to process the request, if somebody wants it, it need not be available immediately
[23:03] eLtMosen: jepp
[23:04] eLtMosen: are you capable to do so?
[23:04] juiceme: well GDPR mandates all data need to be transferable; hence just a binary dump is a no-go, need to be some structured format
[23:05] juiceme: well I think it's doable; SQL dump from the database selected by the user ID
[23:06] eekkelund: who else can do that than you?
[23:06] juiceme: that'd include all the personal details plus all generated content; for example in my case the 4300 postings I have ever made on TMO plus the mailbox content and so on
[23:07] juiceme: eekkelund, I hope you could look into it :)
[23:08] eekkelund: oh okay :D
[23:08] juiceme: arrgh, I forgot the wiki, that's 5th system
[23:09] eLtMosen: Juice, all the systems belong into the "who we are" 1st topic. we also need to give maemo ev address there
[23:10] juiceme: yes
[23:11] juiceme: I think it still is not changed, eV address is the same as mentioned in wiki
[23:11] eLtMosen: are you sure we need to specify the individual type per platform? i guess all the huge chunks of text do catch that all already
[23:11] sicelo: looks like there's a lot of work involved in this!
[23:13] juiceme: eLtMosen, we don't need to do that, I'm just listing all so we can see we are not missing anything. However in the end we can just list all we have without specifying the different systems
[23:13] eLtMosen: got it
[23:13] juiceme: sicelo indeed it is... and I think we are not even the slowest to do it; I bet some companies/associations have still more to do than we have :)
[23:14] juiceme: but as we used to say in college, there are always 24h in the last day before an assignment has due date :)
[23:15] sicelo: does this have a due date?
[23:17] sicelo: oh i see ... 25th May?
[23:18] eLtMosen: right
[23:19] eLtMosen: i once got an admonition from state for miswording something in my "recall" declaration. they wanted 5000€, i negotiated them down to 500 :/ better prevent that i get food for admonition sharks again
[23:20] sicelo: :)
[23:22] juiceme: huh, how was that?
[23:23] juiceme: ah by "recall declaration" you mean tax returns?
[23:23] juiceme: that's always a red flag for governments :)
[23:24] eLtMosen: no, just an information i had to issue to my customers regarding product return
[23:25] eLtMosen: not recall but return i meant
[23:26] eLtMosen: i only issue Vouchers and had no return in 10 years... but paid 500€ for misleading my customers how to do it :/
[23:26] juiceme: huh, how come they give you a fine on that?
[23:26] juiceme: ah yes I see, the information was incorrect and you were slapped for that!
[23:27] eLtMosen: there are specialized lawyers in germany that make a living by checking your homepage for compliance with all rules and make a case against you if they find the slightest mistake... welcome to germany
[23:28] eekkelund: eLtMosen: wow...
[23:28] juiceme: but that stands to reason we need to provide the GDPR data as comprehensively as we can; otherwise there might be consequences. Although, as we are not commercial I suspect there will not be large fines
[23:29] eLtMosen: yes, but the text blocks i copied are quite safe
[23:29] juiceme: and I would not want to see an attorney try to knock down our door to shake some money out of us
[23:29] juiceme: yes
[23:30] eLtMosen: I took it from a special site where an attorney has a generator for non profit and private persons
[23:31] juiceme: yes I think too that is the right way to do it
[23:31] eLtMosen: i have not found a proper wording for the last three topics you listed
[23:32] eLtMosen: rho
[23:32] eLtMosen: though
[23:32] eLtMosen: also, could you point me to the mcev address? i am blind and do not find since 5 minutes
[23:33] juiceme: http://wiki.maemo.org/MaemoCommunity_eV
[23:33] juiceme: ah indeed it says "Full address is provided in the application form"
[23:34] juiceme: http://wiki.maemo.org/images/a/a1/MCeV_ApplicationForm.pdf
[23:35] juiceme: eLtMosen ^^^
[23:35] eLtMosen: jepp
[23:35] eLtMosen: i remember
