From 106280a2fcfd3c7302b5b1050b298f4096574f72 Mon Sep 17 00:00:00 2001 From: Winfried Tilanus Date: Tue, 22 May 2018 17:51:29 +0200 Subject: [PATCH 1/2] Adding outline and first version for GDPR informational XEP (Work in Progress) --- inbox/GDPR.xml | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 inbox/GDPR.xml diff --git a/inbox/GDPR.xml b/inbox/GDPR.xml new file mode 100644 index 00000000..85896ab7 --- /dev/null +++ b/inbox/GDPR.xml @@ -0,0 +1,85 @@ + + +%ents; +]> + + +
+ Best practices for GDPR compliant deployment of XMPP + This informational XEP provides information on deploying XMPP in way that is compliant with the General Data Protection Regulation (GDPR) of the European Union. + &LEGALNOTICE; + xxxx + ProtoXEP + Informational + Standards + Council + + XMPP Core + XEP-0001 + + + + NOT_YET_ASSIGNED + + Winfried + Tilanus + winfried@tilanus.com + winfried@tilanus.com + + + 0.0.1 + 2018-05-22 + wt +

First draft.

+
+
+ +

The General Data Protection Regulation (GDPR) is an European Union wide regulation about handling personal data. This XEP is a central place with information for server operators who need (or want) to have their server GDPR compliant. These best practices are aimed at operators of public jabbers servers that are federating with other public jabber servers. Though this XEP is written with a typical server setup in mind, it contains also some considerations for other setups. This XEP does not fully cover the requirements for private XMPP deployments, like an in company server and this XEP does not cover situations where the XMPP traffic is used to observe and analyse the behaviour of users.

+

The XMPP core specifications and many of the XMPP Extension Protocols describe handling of data that is regulated by the GDRP. But XMPP is deployed in many different jurisdictions and the aim of the protocols is to ensure interoparability, not to encode (local) laws into the protocols. So the protocols will only contain general information on the data that processed and will offer general functionality that is not specific for one jurisdiction. This XEP is the central point for gathering all information regarding setting up a server that is compliant with the GDPR. This XEP is accompanied by several other documents, including a template for Terms of Service and a template for a Privacy Statement.

+
+ +

The aim of this XEP is to make it easy for operators of public XMPP servers to setup a GDPR compliant server. This XEP does not cover private setups or setups where the processed data is used for any purpose other then the communication between the end users.

+
+ +

TBD

+
+ + + + + +
XEPRelevance
+
+ +

TBD

+
+ + +

TBD

+
+ +

TBD

+
+ +

TBD

+
+
+ + +

TBD

+
+ +

TBD

+
+
+ +

REQUIRED.

+
+ +

REQUIRED.

+
+ +

REQUIRED.

+
+
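Review bot: "GDRP" in the second introduction paragraph ("data that is regulated by the GDRP") should be "GDPR"; it is the only place the regulation's name is misspelled, and a search for the term will miss it. The same added text has "interoparability", "an European Union wide regulation", "public jabbers servers", "the data that processed", "in way that is compliant" in the abstract, and "other then the communication" in the scope section. The scope statement also appears twice, once at the end of the first introduction paragraph and again in the section that opens "The aim of this XEP", so one of the two can go. Seven sections are still "TBD" and the three closing sections keep the bare "REQUIRED." placeholder; that fits a work in progress, but the closing sections need real text before the file leaves inbox/.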
From 9493f246317be3106af683f60a4da03995644e98 Mon Sep 17 00:00:00 2001 From: Winfried Tilanus Date: Tue, 22 May 2018 18:03:58 +0200 Subject: [PATCH 2/2] GDPR-XEP: Adding note on legal advice to introduction and fix language --- inbox/GDPR.xml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/inbox/GDPR.xml b/inbox/GDPR.xml index 85896ab7..d5bb1181 100644 --- a/inbox/GDPR.xml +++ b/inbox/GDPR.xml @@ -35,8 +35,9 @@ -

The General Data Protection Regulation (GDPR) is an European Union wide regulation about handling personal data. This XEP is a central place with information for server operators who need (or want) to have their server GDPR compliant. These best practices are aimed at operators of public jabbers servers that are federating with other public jabber servers. Though this XEP is written with a typical server setup in mind, it contains also some considerations for other setups. This XEP does not fully cover the requirements for private XMPP deployments, like an in company server and this XEP does not cover situations where the XMPP traffic is used to observe and analyse the behaviour of users.

-

The XMPP core specifications and many of the XMPP Extension Protocols describe handling of data that is regulated by the GDRP. But XMPP is deployed in many different jurisdictions and the aim of the protocols is to ensure interoparability, not to encode (local) laws into the protocols. So the protocols will only contain general information on the data that processed and will offer general functionality that is not specific for one jurisdiction. This XEP is the central point for gathering all information regarding setting up a server that is compliant with the GDPR. This XEP is accompanied by several other documents, including a template for Terms of Service and a template for a Privacy Statement.

+

The General Data Protection Regulation (GDPR) is an European Union wide regulation about handling personal data. This XEP is a central place with information for server operators who need (or want) to have their server GDPR compliant. This information is general and still subject to debate amongst lawyers, it doesn't offer a legal advice. When in doubt consult your own lawyer.

+

These best practices are aimed at operators of public jabbers servers that are federating with other public jabber servers. Though this XEP is written with a typical server setup in mind, it contains also some considerations for other setups. This XEP does not fully cover the requirements for private XMPP deployments, like an in company server and this XEP does not cover situations where the XMPP traffic is used to observe and analyse the behaviour of users.

+

The XMPP core specifications and many of the XMPP Extension Protocols describe handling of data that is regulated by the GDRP. But XMPP is deployed in many different jurisdictions and the aim of the protocols is to ensure interoperability, not to encode (local) laws into the protocols. So the protocols will only contain general information on the data that processed and will offer general functionality that is not specific for one jurisdiction. This XEP is the central point for gathering all information regarding setting up a server that is compliant with the GDPR. This XEP is accompanied by several other documents, including a template for Terms of Service and a template for a Privacy Statement.

The aim of this XEP is to make it easy for operators of public XMPP servers to setup a GDPR compliant server. This XEP does not cover private setups or setups where the processed data is used for any purpose other then the communication between the end users.
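Review bot: The subject says "fix language", but on the + side the third paragraph only corrects "interoparability"; "regulated by the GDRP" and "the data that processed" are carried over unchanged, as are "an European Union wide regulation" and "public jabbers servers" in the first two added paragraphs. In the new disclaimer sentence, "it doesn't offer a legal advice" should read "it does not offer legal advice", and the comma before it is a splice that is better as a full stop. The second added paragraph restates scope that the trailing context line ("This XEP does not cover private setups") already covers, so consider keeping the scope statement in one place.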