You are viewing a plain text version of this content. The canonical link for it is here.

Posted to legal-discuss@apache.org by "Michael Osipov (Jira)" <ji...@apache.org> on 2020/01/05 12:11:00 UTC

[jira] [Commented] (LEGAL-383) Evaluate our Privacy Policy in compliance with GDPR

    [ https://issues.apache.org/jira/browse/LEGAL-383?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17008306#comment-17008306 ] 

Michael Osipov commented on LEGAL-383:
--------------------------------------

Still no update...

> Evaluate our Privacy Policy in compliance with GDPR
> ---------------------------------------------------
>
>                 Key: LEGAL-383
>                 URL: https://issues.apache.org/jira/browse/LEGAL-383
>             Project: Legal Discuss
>          Issue Type: Task
>          Components: Privacy
>            Reporter: Michael Osipov
>            Assignee: John Kinsella
>            Priority: Major
>
> This is a transsript of an email to legal-discuss. I was advised to open a ticket.
> Folks,
> is there any legal statement from the ASF how to proceed with our 
> privacy policy, especially Google Analytics, from 2018-05-25?
> All maven.a.o use GA and I have written a mail to private@maven.a.o, but 
> no one reaction to. Here is a transcript:
> ========================
> Hi folks,
> raising this privately for the moment to assess the current situation as 
> well as how we want to deal with our sites after 2018-05-25.
> Most of you might know that EU-DSGVO (GDPR in English) is rapidly 
> approaching and our Maven sites (and likely other Apache sites) are 
> already illegal with BDSG (Germany's privacy law) due to GA. From 25th 
> May it will be illegal in the entire EU. Though, I haven't read the 
> entire regulation, some basic points we don't meet now [1], [2]:
> * Ask for user's consent
> * Anonymizing the IP
> * Present an easily accesible privacy policy
> * Provide an opt-out option
> None of these criteria are met as of today.
> See also [3].
> maven.apache.org points for me to 2001:bc8:2142:300:: which is a French 
> IP address.
> Any ideas? Is there any special legal dept with the ASF who can take 
> care of and we will implement?
> The easiest one is to drop it altogether from site.xml.
> Michael
> [1] 
> https://www.kloos.de/blog/google-analytics-die-datenschutzgrundverordnung/
> [2] https://www.kloos.de/blog/google-analytics-datenschutzkonform-nutzen/
> [3] https://issues.apache.org/jira/browse/MSKINS-143
> ========================
> I do believe that what we do now, regardless ASF top page as well as 
> maven.a.o is illegal in a few days.
> Can someone react on? Do I need to raise this with LEGAL on JIRA?
> I am convinced that there are already hords of laywers who have prepared 
> cease and desist letter for those who still don't comply with.
> Does this has to be raised with https://www.cnil.fr/ since the IP 
> address terminates in France?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

Re: [jira] [Commented] (LEGAL-383) Evaluate our Privacy Policy in compliance with GDPR

Posted by Fantri Fitriani <fa...@gmail.com>.

Pada tanggal Min, 5 Jan 2020 20.11, Michael Osipov (Jira) <ji...@apache.org>
menulis:

>
>     [
> https://issues.apache.org/jira/browse/LEGAL-383?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17008306#comment-17008306
> ]
>
> Michael Osipov commented on LEGAL-383:
> --------------------------------------
>
> Still no update...
>
> > Evaluate our Privacy Policy in compliance with GDPR
> > ---------------------------------------------------
> >
> >                 Key: LEGAL-383
> >                 URL: https://issues.apache.org/jira/browse/LEGAL-383
> >             Project: Legal Discuss
> >          Issue Type: Task
> >          Components: Privacy
> >            Reporter: Michael Osipov
> >            Assignee: John Kinsella
> >            Priority: Major
> >
> > This is a transsript of an email to legal-discuss. I was advised to open
> a ticket.
> > Folks,
> > is there any legal statement from the ASF how to proceed with our
> > privacy policy, especially Google Analytics, from 2018-05-25?
> > All maven.a.o use GA and I have written a mail to private@maven.a.o,
> but
> > no one reaction to. Here is a transcript:
> > ========================
> > Hi folks,
> > raising this privately for the moment to assess the current situation as
> > well as how we want to deal with our sites after 2018-05-25.
> > Most of you might know that EU-DSGVO (GDPR in English) is rapidly
> > approaching and our Maven sites (and likely other Apache sites) are
> > already illegal with BDSG (Germany's privacy law) due to GA. From 25th
> > May it will be illegal in the entire EU. Though, I haven't read the
> > entire regulation, some basic points we don't meet now [1], [2]:
> > * Ask for user's consent
> > * Anonymizing the IP
> > * Present an easily accesible privacy policy
> > * Provide an opt-out option
> > None of these criteria are met as of today.
> > See also [3].
> > maven.apache.org points for me to 2001:bc8:2142:300:: which is a French
> > IP address.
> > Any ideas? Is there any special legal dept with the ASF who can take
> > care of and we will implement?
> > The easiest one is to drop it altogether from site.xml.
> > Michael
> > [1]
> >
> https://www.kloos.de/blog/google-analytics-die-datenschutzgrundverordnung/
> > [2]
> https://www.kloos.de/blog/google-analytics-datenschutzkonform-nutzen/
> > [3] https://issues.apache.org/jira/browse/MSKINS-143
> > ========================
> > I do believe that what we do now, regardless ASF top page as well as
> > maven.a.o is illegal in a few days.
> > Can someone react on? Do I need to raise this with LEGAL on JIRA?
> > I am convinced that there are already hords of laywers who have prepared
> > cease and desist letter for those who still don't comply with.
> > Does this has to be raised with https://www.cnil.fr/ since the IP
> > address terminates in France?
>
>
>
> --
> This message was sent by Atlassian Jira
> (v8.3.4#803005)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
>