[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-users] Savannah mailing-lists and GDPR
From: |
Uwe Scholz |
Subject: |
Re: [Savannah-users] Savannah mailing-lists and GDPR |
Date: |
Sun, 22 Apr 2018 20:55:42 +0200 |
Thank you for the quick response, Assaf.
First, let me emphasize that I am not a lawyer and I am not sure if
the Savannah organization falls under the GDPR regulations. But as the
servers store also data of European citizens, I am relatively sure that
this _is_ the case. Other thoughts are welcome. See below for my other
comments.
Am Sun, 22 Apr 2018 05:26:11 -0600 schrieb Assaf Gordon:
> Hello,
>
> On 21/04/18 04:03 PM, Uwe Scholz wrote:
> > on May 25th the European General Data Protection Regulation will
> > become active (see https://www.eugdpr.org/) and I am wondering if
> > and what the admins at savannah.nongnu.org will do to be GDPR
> > compliant on that date.
>
> I suspect that "nothing" is the answer, but I could be wrong.
Do they read here, too? Where can we reach them?
> > Coming back to Savannah: I am especially wondering for example: if
> > a member of a mailing-list want's to know what of his data is
> > stored on Savannahs servers, where will he get this information? (I
> > am thinking of email address, Name, IP address, the date when the
> > subscription was made, etc.).
>
> full archives of all gnu and nongnu mailing lists are available for
> download as mbox files, containing full email headers )which include
> IP, message ID, date/time, etc.).
>
> For example, to download the entire archive of address@hidden,
> run the following command:
>
> rsync -avhP rsync://lists.gnu.org/mbox/gcmd-users .
>
> Then you can simply "grep" for any information you want.
Thank you for showing that rsync command above, this is very helpful. I
tried it and can confirm that I could download the gcmd-users
mailing-list completely.
(Not?) Surprisingly, I can also see all email-addresses in plain text of
every single email. (*) Different to that, on the archives web fronted
they are anonymized. This leads me to the next question: Regarding the
GDPR, there should be the "Right to be forgotten".
That means, if a user requests his personal data to be removed from the
Savannah servers, (and this affects also his email address!), this
should be possible somehow. In the case of the email-address it might be
enough to mask the one in question with asterisks in all mbox-archives
on the Savannah servers. I think this would be a solution for that
request and Savannah would be partly GDPR compliant.
Remark: I think the ability to be forgotten should be implemented here,
otherwise Savannah might run in danger to become the aim of a greedy
lawyer. And I as the admin of a mailing list don't want to be the
person in charge here. :-/
(*) The email address belongs to the personal data of a user and is in
need of protection regarding GDPR rules.
> As for the 'date of subscription' - I don't know if there's an easy
> way to get that information. When users subscribed they receive a
> confirmation email -if the kept it - they'll have the date.
If that information is not stored on the Savannah servers then it's
okay. The less is stored the better.
> > For me as the admin of a mailinglist: How can I help the user to get
> > this information? Am I allowed to do that? Or can I forward his
> > request to the Savannah admins?
>
> Show them the above command.
Got that.
> If they aren't comfortable with 'rsync', they can use FTP:
> ftp://lists.gnu.org/gcmd-users/
>
> Please don't direct them to savannah admins, we don't have more
> information than the above.
Good.
> > Another point: Are there any changes in the email subscription page
> > planned?
>
> Not to my knowledge.
>
> > believe a more detailed disclaimer would be necessary.
>
> As a mailing-list administrator for your project, you can modify the
> information shown on the page of the mailing lists for your project.
>
> When you login to the "administrative page" of your mailing list,
> select "Edit the public HTML pages and text files" under "Other
> administrator activities".
> You'll be able to change some of the web page text, and some of the
> email messages.
Thank you, I didn't know that. Currently it should be a good idea to
let the users know that their mail addresses are public available in
the archives when they send a mail to a mailing-list.
> regards,
> - assaf
Best wishes
Uwe