[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#43796: Privacy policy
|
From: |
pelzflorian (Florian Pelz) |
|
Subject: |
bug#43796: Privacy policy |
|
Date: |
Mon, 5 Oct 2020 11:54:32 +0200 |
On Sun, Oct 04, 2020 at 11:56:04AM -0400, Julien Lepiller wrote:
> The GDPR is not the only legislation that applies to us. For
> services hosted in France for instance, there is a legal obligation
> to keep logs for at least one year (not sure exactly who that
> applies to). There could be something similar in Germany where
> berlin is located.
A quick web search does not reveal any such obligation in Germany.
I also know people who don’t log. But again, IANAL.
The Debian Privacy Policy says they store web logs for 15 days.
But iplocation.net tells me their server is hosted in the Netherlands.
If the Guix admins do not intend to use such data to “respond to
excess usage or security attacks” on the website, logging should be
disabled and I will remove that wording from the proposed patch.
> I think some of the wording is vague. Does "can be used to identify"
> mean we will use the IP to identify the person (is it the reason we
> process this data?) Or is it something that we could technically do,
> but refuse to do?
I changed it to
During your use of Guix’ software in its default configuration,
your IP address will be revealed to the network services you use.
>From an IP address it may be possible to identify who uses the
service and from which internet connection. These services include
Attached is the complete patch with this single change.
Are there other things which are badly worded?
Regards,
Florian
0001-website-Add-privacy-policy.patch
Description: Text document