You are viewing a plain text version of this content. The canonical link for it is here.
Posted to legal-discuss@apache.org by "Henri Yandell (JIRA)" <ji...@apache.org> on 2019/03/12 15:34:00 UTC

[jira] [Commented] (LEGAL-383) Evaluate our Privacy Policy in compliance with GDPR

    [ https://issues.apache.org/jira/browse/LEGAL-383?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16790657#comment-16790657 ] 

Henri Yandell commented on LEGAL-383:
-------------------------------------

Assigned to John Kinsella, our new VP Data Privacy :)

> Evaluate our Privacy Policy in compliance with GDPR
> ---------------------------------------------------
>
>                 Key: LEGAL-383
>                 URL: https://issues.apache.org/jira/browse/LEGAL-383
>             Project: Legal Discuss
>          Issue Type: Task
>            Reporter: Michael Osipov
>            Assignee: John Kinsella
>            Priority: Major
>
> This is a transsript of an email to legal-discuss. I was advised to open a ticket.
> Folks,
> is there any legal statement from the ASF how to proceed with our 
> privacy policy, especially Google Analytics, from 2018-05-25?
> All maven.a.o use GA and I have written a mail to private@maven.a.o, but 
> no one reaction to. Here is a transcript:
> ========================
> Hi folks,
> raising this privately for the moment to assess the current situation as 
> well as how we want to deal with our sites after 2018-05-25.
> Most of you might know that EU-DSGVO (GDPR in English) is rapidly 
> approaching and our Maven sites (and likely other Apache sites) are 
> already illegal with BDSG (Germany's privacy law) due to GA. From 25th 
> May it will be illegal in the entire EU. Though, I haven't read the 
> entire regulation, some basic points we don't meet now [1], [2]:
> * Ask for user's consent
> * Anonymizing the IP
> * Present an easily accesible privacy policy
> * Provide an opt-out option
> None of these criteria are met as of today.
> See also [3].
> maven.apache.org points for me to 2001:bc8:2142:300:: which is a French 
> IP address.
> Any ideas? Is there any special legal dept with the ASF who can take 
> care of and we will implement?
> The easiest one is to drop it altogether from site.xml.
> Michael
> [1] 
> https://www.kloos.de/blog/google-analytics-die-datenschutzgrundverordnung/
> [2] https://www.kloos.de/blog/google-analytics-datenschutzkonform-nutzen/
> [3] https://issues.apache.org/jira/browse/MSKINS-143
> ========================
> I do believe that what we do now, regardless ASF top page as well as 
> maven.a.o is illegal in a few days.
> Can someone react on? Do I need to raise this with LEGAL on JIRA?
> I am convinced that there are already hords of laywers who have prepared 
> cease and desist letter for those who still don't comply with.
> Does this has to be raised with https://www.cnil.fr/ since the IP 
> address terminates in France?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org