1
0
mirror of https://github.com/moparisthebest/xeps synced 2024-12-04 15:02:19 -05:00
xeps/inbox/gdpr.xml

87 lines
4.2 KiB
XML
Raw Normal View History

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE xep SYSTEM 'xep.dtd' [
<!ENTITY % ents SYSTEM 'xep.ent'>
%ents;
]>
<?xml-stylesheet type='text/xsl' href='xep.xsl'?>
<xep>
<header>
<title>Best practices for GDPR compliant deployment of XMPP</title>
<abstract>This informational XEP provides information on deploying XMPP in way that is compliant with the General Data Protection Regulation (GDPR) of the European Union.</abstract>
&LEGALNOTICE;
<number>xxxx</number>
<status>ProtoXEP</status>
<type>Informational</type>
<sig>Standards</sig>
<approver>Council</approver>
<dependencies>
<spec>XMPP Core</spec>
<spec>XEP-0001</spec>
</dependencies>
<supersedes/>
<supersededby/>
<shortname>NOT_YET_ASSIGNED</shortname>
<author>
<firstname>Winfried</firstname>
<surname>Tilanus</surname>
<email>winfried@tilanus.com</email>
<jid>winfried@tilanus.com</jid>
</author>
<revision>
<version>0.0.1</version>
<date>2018-05-22</date>
<initials>wt</initials>
<remark><p>First draft.</p></remark>
</revision>
</header>
<section1 topic='Introduction' anchor='intro'>
<p>The General Data Protection Regulation (GDPR) is an European Union wide regulation about handling personal data. This XEP is a central place with information for server operators who need (or want) to have their server GDPR compliant. This information is general and still subject to debate amongst lawyers, it doesn't offer a legal advice. When in doubt consult your own lawyer. </p>
<p>These best practices are aimed at operators of public jabbers servers that are federating with other public jabber servers. Though this XEP is written with a typical server setup in mind, it contains also some considerations for other setups. This XEP does not fully cover the requirements for private XMPP deployments, like an in company server and this XEP does not cover situations where the XMPP traffic is used to observe and analyse the behaviour of users.</p>
<p>The XMPP core specifications and many of the XMPP Extension Protocols describe handling of data that is regulated by the GDRP. But XMPP is deployed in many different jurisdictions and the aim of the protocols is to ensure interoperability, not to encode (local) laws into the protocols. So the protocols will only contain general information on the data that processed and will offer general functionality that is not specific for one jurisdiction. This XEP is the central point for gathering all information regarding setting up a server that is compliant with the GDPR. This XEP is accompanied by several other documents, including a template for Terms of Service and a template for a Privacy Statement.</p>
</section1>
<section1 topic='Requirements' anchor='reqs'>
<p>The aim of this XEP is to make it easy for operators of public XMPP servers to setup a GDPR compliant server. This XEP does not cover private setups or setups where the processed data is used for any purpose other then the communication between the end users.</p>
</section1>
<section1 topic='Glossary' anchor='glossary'>
<p>TBD</p>
</section1>
<section1 topic='XEPs covered in this document' anchor='covered'>
<table>
<tr>
<th>XEP</th><th>Relevance</th>
</tr>
</table>
</section1>
<section1 topic='Step 1: Is the GDPR appliccable to you?' anchor='appliccable'>
<p>TBD</p>
</section1>
<section1 topic='Step 2: Make sure your processing is according to the GDPR' anchor='processing'>
<section2 topic='Check logging and log rotation' anchor='logging'>
<p>TBD</p>
</section2>
<section2 topic='Check your spam filtering' anchor='spamfiltering'>
<p>TBD</p>
</section2>
<section2 topic='Check your MAM and offline storage settings' anchor='archiving'>
<p>TBD</p>
</section2>
</section1>
<section1 topic='Inform your users' anchor='inform'>
<section2 topic='Create a privacy statement' anchor='statement'>
<p>TBD</p>
</section2>
<section2 topic='Publish your privacy statement' anchor='publish'>
<p>TBD</p>
</section2>
</section1>
<section1 topic='Security Considerations' anchor='security'>
<p>REQUIRED.</p>
</section1>
<section1 topic='IANA Considerations' anchor='iana'>
<p>REQUIRED.</p>
</section1>
<section1 topic='XMPP Registrar Considerations' anchor='registrar'>
<p>REQUIRED.</p>
</section1>
</xep>