savannah-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-users] Savannah mailing-lists and GDPR

From: Uwe Scholz
Subject: Re: [Savannah-users] Savannah mailing-lists and GDPR
Date: Sun, 22 Apr 2018 20:55:42 +0200 
Thank you for the quick response, Assaf.

First, let me emphasize that I am not a lawyer and I am not sure if
the Savannah organization falls under the GDPR regulations. But as the
servers store also data of European citizens, I am relatively sure that
this _is_ the case. Other thoughts are welcome. See below for my other
comments.

Am Sun, 22 Apr 2018 05:26:11 -0600 schrieb Assaf Gordon:

> Hello,
> 
> On 21/04/18 04:03 PM, Uwe Scholz wrote:
> > on May 25th the European General Data Protection Regulation will 
> > become active (see https://www.eugdpr.org/) and I am wondering if
> > and what the admins at savannah.nongnu.org will do to be GDPR
> > compliant on that date.  
> 
> I suspect that "nothing" is the answer, but I could be wrong.

Do they read here, too? Where can we reach them?

> > Coming back to Savannah: I am especially wondering for example: if
> > a member of a mailing-list want's to know what of his data is
> > stored on Savannahs servers, where will he get this information? (I
> > am thinking of email address, Name, IP address, the date when the
> > subscription was made, etc.).  
> 
> full archives of all gnu and nongnu mailing lists are available for
> download as mbox files, containing full email headers )which include
> IP, message ID, date/time, etc.).
> 
> For example, to download the entire archive of address@hidden,
> run the following command:
> 
>    rsync -avhP rsync://lists.gnu.org/mbox/gcmd-users .
> 
> Then you can simply "grep" for any information you want.

Thank you for showing that rsync command above, this is very helpful. I
tried it and can confirm that I could download the gcmd-users
mailing-list completely.

(Not?) Surprisingly, I can also see all email-addresses in plain text of
every single email. (*) Different to that, on the archives web fronted
they are anonymized. This leads me to the next question: Regarding the
GDPR, there should be the "Right to be forgotten".

That means, if a user requests his personal data to be removed from the
Savannah servers, (and this affects also his email address!), this
should be possible somehow. In the case of the email-address it might be
enough to mask the one in question with asterisks in all mbox-archives
on the Savannah servers. I think this would be a solution for that
request and Savannah would be partly GDPR compliant.

Remark: I think the ability to be forgotten should be implemented here,
otherwise Savannah might run in danger to become the aim of a greedy
lawyer. And I as the admin of a mailing list don't want to be the
person in charge here. :-/

(*) The email address belongs to the personal data of a user and is in
need of protection regarding GDPR rules.

> As for the 'date of subscription' - I don't know if there's an easy
> way to get that information. When users subscribed they receive a
> confirmation email -if the kept it - they'll have the date.

If that information is not stored on the Savannah servers then it's
okay. The less is stored the better.

> > For me as the admin of a mailinglist: How can I help the user to get
> >  this information? Am I allowed to do that? Or can I forward his 
> > request to the Savannah admins?  
> 
> Show them the above command.

Got that.

> If they aren't comfortable with 'rsync', they can use FTP:
>    ftp://lists.gnu.org/gcmd-users/
> 
> Please don't direct them to savannah admins, we don't have more
> information than the above.

Good.

> > Another point: Are there any changes in the email subscription page 
> > planned?  
> 
> Not to my knowledge.
> 
> > believe a more detailed disclaimer would be necessary.  
> 
> As a mailing-list administrator for your project, you can modify the
> information shown on the page of the mailing lists for your project.
> 
> When you login to the "administrative page" of your mailing list,
> select "Edit the public HTML pages and text files" under "Other 
> administrator activities".
> You'll be able to change some of the web page text, and some of the 
> email messages.

Thank you, I didn't know that. Currently it should be a good idea to
let the users know that their mail addresses are public available in
the archives when they send a mail to a mailing-list.

> regards,
>   - assaf

Best wishes
Uwe
reply via email to
[Prev in Thread] Current Thread [Next in Thread]