You are viewing a plain text version of this content. The canonical link for it is here.
Posted to privacy-discuss@apache.org by Ismaël Mejía <ie...@gmail.com> on 2020/02/07 15:32:48 UTC
GDPR and public contributors information
Hello,
I am new to the list and come here because I am curious if we have
guidelines for Apache projects and GDPR. I suppose we should probably
require the advise of REAL lawyers to create such set of rules. So far the
only thing I found was this and it does not read like real advise but just
random people trying to figure things out.
https://issues.apache.org/jira/browse/LEGAL-383
We had a reported issue on Apache Beam recently that argues that we are not
allowed to expose personal user data (which we do in the public .mailmap
file in our repo) as part of GDPR.
https://issues.apache.org/jira/browse/BEAM-8647
Is this the case? I suppose that if someone asks us to remove this info we
should be obliged to so not sure if we should work to prevent this, on the
other hand since this information is in git we cannot alter the history
without consequences. There is a stackoverflow conversation around this too
https://law.stackexchange.com/questions/24623/gdpr-git-history
Thanks,
Ismaël
Re: GDPR and public contributors information
Posted by Kenneth Knowles <ke...@apache.org>.
On 2020/02/07 17:02:39, Dirk-Willem van Gulik <di...@webweaving.org> wrote:
> On 7 Feb 2020, at 16:32, Ismaël Mejía <ie...@gmail.com> wrote:
>
> > I am new to the list and come here because I am curious if we have
> > guidelines for Apache projects and GDPR. I suppose we should probably
>
> We are in the middle of rekindling this effort.
>
> > require the advise of REAL lawyers to create such set of rules. So far the
> > only thing I found was this and it does not read like real advise but just
> > random people trying to figure things out.
> > https://issues.apache.org/jira/browse/LEGAL-383
>
> I've already started to track that one - in order to get it resolved.
>
> > We had a reported issue on Apache Beam recently that argues that we are not
> > allowed to expose personal user data (which we do in the public .mailmap
> > file in our repo) as part of GDPR.
> > https://issues.apache.org/jira/browse/BEAM-8647
>
> Thanks - that one is new - and I'll add it to the one to get sorted out.
>
> > Is this the case? I suppose that if someone asks us to remove this info we
> > should be obliged to so not sure if we should work to prevent this, on the
> > other hand since this information is in git we cannot alter the history
> > without consequences.
>
> Correct - and we need to make a tradeoff between the rights of the individual; the damage done to key processes that are required for the functioning of the foundation (e.g. it is very hard to think of a case were you'd delete the record you'd have on a software grant or a committer license agreement that is tied up with code that is still in releases), the information essential for the functioning of a community, the harm done to the individual and what is ``reasonable and proportional'' to that.
Hi, I was just pointed to this thread. Is there any update?
Kenn
>
> Dw
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: privacy-discuss-unsubscribe@apache.org
> For additional commands, e-mail: privacy-discuss-help@apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: privacy-discuss-unsubscribe@apache.org
For additional commands, e-mail: privacy-discuss-help@apache.org
Re: GDPR and public contributors information
Posted by Dirk-Willem van Gulik <di...@webweaving.org>.
On 7 Feb 2020, at 16:32, Ismaël Mejía <ie...@gmail.com> wrote:
> I am new to the list and come here because I am curious if we have
> guidelines for Apache projects and GDPR. I suppose we should probably
We are in the middle of rekindling this effort.
> require the advise of REAL lawyers to create such set of rules. So far the
> only thing I found was this and it does not read like real advise but just
> random people trying to figure things out.
> https://issues.apache.org/jira/browse/LEGAL-383
I've already started to track that one - in order to get it resolved.
> We had a reported issue on Apache Beam recently that argues that we are not
> allowed to expose personal user data (which we do in the public .mailmap
> file in our repo) as part of GDPR.
> https://issues.apache.org/jira/browse/BEAM-8647
Thanks - that one is new - and I'll add it to the one to get sorted out.
> Is this the case? I suppose that if someone asks us to remove this info we
> should be obliged to so not sure if we should work to prevent this, on the
> other hand since this information is in git we cannot alter the history
> without consequences.
Correct - and we need to make a tradeoff between the rights of the individual; the damage done to key processes that are required for the functioning of the foundation (e.g. it is very hard to think of a case were you'd delete the record you'd have on a software grant or a committer license agreement that is tied up with code that is still in releases), the information essential for the functioning of a community, the harm done to the individual and what is ``reasonable and proportional'' to that.
Dw
---------------------------------------------------------------------
To unsubscribe, e-mail: privacy-discuss-unsubscribe@apache.org
For additional commands, e-mail: privacy-discuss-help@apache.org