<daniels>
karolherbst: tbh we need to remove the logs full stop; there is no active consent nor is there a reasonable path to removal
<karolherbst>
daniels: even for just the messages?
<daniels>
that also implies that we need to stop using IRC for things which need to be logged
<daniels>
karolherbst: nick + messages -> personally-identifying information
<karolherbst>
sure, but it's all public anyway
<karolherbst>
but yeah...
<jrayhawk>
Or externalize responsibility for hosting logs to a small person or organization not subject to privacy regs.
<daniels>
karolherbst: that’s not an excuse
<karolherbst>
yeah.. probably not
<jrayhawk>
I can potentially do that next week if a better solution isn't found.
<karolherbst>
jrayhawk: I think the problem is rather than we more or less have to stop doing it right now and reenable it once we find a working solution
xexaxo has quit [Remote host closed the connection]
xexaxo has joined #freedesktop
<karolherbst>
but I have no idea how simple it would be to store messages as I suspect one could easibly argue that mentioning logging in the topic might be enough as long as no additional personal data gets stored.. but in the end I have no clue anyway :)
Brocker has quit [Quit: Dont Touch Only Watch]
Brocker has joined #freedesktop
<FLHerne>
daniels: Put it (back) in the topic?
<FLHerne>
Even without it, I don't think there's an expectation of privacy in a public channel with hundreds of users
<FLHerne>
Losing years of logs would be a pretty big inconvenience, that seems like a massive overreaction to what is AAUI a completely hypothetical issue
<FLHerne>
I'd argue it comes under the "legitimate interests" justification, which doesn't require specific consent
Haaninjo has joined #freedesktop
<FLHerne>
Only that the data is used in a manner people would "reasonably expect" -- project IRC channels are frequently logged -- and that a reasonable subject wouldn't consider intrusive or harmful
<FLHerne>
Does need a public policy statement somewhere, and a means for anyone who hypothetically wants to be scrubbed for the logs to ask to be
<FLHerne>
people wouldn't expect those to be logged and there's no benefit to doing so
Haaninjo has quit [Quit: Ex-Chat]
gawin has quit [Quit: Konversation terminated!]
ximion has quit []
ximion has joined #freedesktop
<karolherbst>
FLHerne: what do you mean by hypothetical?
<karolherbst>
we can't store personal data without consent
<karolherbst>
period
<karolherbst>
Also.. if a user requests a data dump under GDPR, we have to be able to give that user everything we stored
<FLHerne>
karolherbst: By "hypothetical" I meant that, as far as I'm aware, no-one has actually objected to their messages being logged, and there's no reason to expect that
<FLHerne>
karolherbst: Also, GDPR does *not* require consent in all cases
<karolherbst>
FLHerne: but for personal information
<karolherbst>
can you say that all messages are 0% personal information?
<karolherbst>
I mean.. for IRC chat messages it might be _fine_ as long as the channels appear to be public enough
<karolherbst>
but
<karolherbst>
I am not a lawyer and I can't say it with 99.9999% certainty
<karolherbst>
can you?
<FLHerne>
I think there's no question that messages are personal data
<karolherbst>
what we "think" doesn't matter here
<karolherbst>
are you sure that you are right on this?
<FLHerne>
but as described in the link above, it's perfectly legal under GDPR to store personal data for "legitimate interests" without explicit consent
<karolherbst>
worst case somebody complains and freedesktop has to pay money because of violating the GDPR
<karolherbst>
we don't have a legitimate interest here
<FLHerne>
translation issue, I think it definitely *is* 'personal data' within the meaning of the GDPR
<karolherbst>
none of this depends on the messages being stored
<karolherbst>
we could just not store it and operation would just continue as is
<FLHerne>
so fd.o does need an official policy, and a way to remove it on request
<karolherbst>
_maybe_
<FLHerne>
(which would probably be "grep for that nick and delete it")
<karolherbst>
but again, are you _sure_ it is like you think it is?
<FLHerne>
Fairly, yes
<karolherbst>
ehh
<karolherbst>
that's not enough :D
<FLHerne>
I operate several websites that store a lot of personal data
<FLHerne>
so I read the GDPR/ICO rules very thoroughly
<karolherbst>
did you ask a lawyer which told you what we need to do?
<karolherbst>
FLHerne: ehh.. well.. if you are a lawyer I'd say that's enough, but if you are not I'd say it doesn't matter a tiny bit if you read it or not
<karolherbst>
some terms don't mean the same as we think they do
<karolherbst>
it's very tricky
<karolherbst>
you could be right, but you could also not be, and I don't claim I know what to do here. Just saying that without being super ultra sure and have legal backup I wouldn't risk it
<FLHerne>
I think you're being overcautious; there's no "you are technically in violation of subclause 73b, you must pay £1 million"
<karolherbst>
ehh, there actually is
<karolherbst>
question is, if non profit orgs would have to pay as much or if that would get waived with a warning
<FLHerne>
If someone whose messages are logged appeals to the ICO or whatever national equivalent there is, and *they* decide we acted in grossly bad faith, they can issue fines
<karolherbst>
yeah, they can
<karolherbst>
but that's not my point
<karolherbst>
I don't claim I know we are safe, you try to do exactly that, which I think is not okay here
<FLHerne>
but it's not remotely credible that they decide a non-profit org keeping logs of a public channel is that bad, even if it infringes at all which I'm quite confident it doesn't
<FLHerne>
Well, you're at RH, ask your lawyers :p
<karolherbst>
well, what if they decide the channel isn't public
<karolherbst>
and does it even matter?
<FLHerne>
It's clearly public
<FLHerne>
anyone can join it
<karolherbst>
ehh, that doesn't matter :)
<karolherbst>
or well.. it's not as black and white
<FLHerne>
Again, see the "legitimate interests" tests I linked above
<FLHerne>
there's no magic "it's public we can log it" rule, I'm not saying we can just blindly keep everything
<karolherbst>
well
<karolherbst>
currently we don't comply with it
<karolherbst>
I am not saying that it's not fine to store messages and provide them through the webiste
<__tim>
do you think it passes the "is necessary" threshold?
<karolherbst>
*website
<karolherbst>
I just say I am not 99.999% sure that it's fine
<karolherbst>
__tim: nope
<karolherbst>
it doens't
<karolherbst>
but you could assume users to expect it's public and that logs are stored and such
<FLHerne>
but if we do an assessment and decide that people in a project IRC channel can reasonably expect to be logged (true), and it fulfils a legitimate interest (keeping logs for future reference), and keeping the data for that purpose is necessary (obviously)
<karolherbst>
but then we don't protect peoples rights and interes
<karolherbst>
*interests
<karolherbst>
FLHerne: sure, but we do it the wrong way regardless
<karolherbst>
so atm we violate the GDPR
<karolherbst>
and that is quite obvious actually
<FLHerne>
What rights and interests do people have in their public IRC messages about graphics being public?
<karolherbst>
FLHerne: that's not the point :D
<karolherbst>
think abvout somebody posting personal information and tells us: please delete it
<karolherbst>
we can't comply in that case
<FLHerne>
People generally have an interest in their messages being public, in fact, because we all use the logs
<karolherbst>
well.. I guess we could ssh and just edit the file or so...
<FLHerne>
I'd really hope we can
<FLHerne>
Yeah, that
<karolherbst>
but.. I don't know if there needs to be an automatable way
<karolherbst>
like user clicks "delete all data of me"
<karolherbst>
do we even have to remove all mentions of a person?
<karolherbst>
and all quotes?
<FLHerne>
It has to be possible without undue delay, and in the worst case within a month of being requested
<FLHerne>
(and there should be a procedure for requesting it, obviously)
<FLHerne>
it doesn't have to be automated
<karolherbst>
yeah.. okay, but again, the point of mine is not that it's probably okay, but do we know for sure we have a solution for this situation where we can say it's okay?
<karolherbst>
also.. we store IP addresses atm
<karolherbst>
which is totally not okay
<FLHerne>
Yeah, I agree those really need to go
<FLHerne>
That fails the "legitimate interest" test because no-one has any use for them, and people don't expect them to be logged
<karolherbst>
anyway.. I think I'd just want some legal backup here and then it's fine, otherwise... dunno
<FLHerne>
Only their data in principle
<FLHerne>
but if someone *really* wants us to grep for all lines with their nick in and delete those, why not
<FLHerne>
I do also think the link should go back in the topic
<karolherbst>
yeah
<karolherbst>
it has to
<FLHerne>
(a) it removes any doubt about whether people expect to be logged
<FLHerne>
(b) it's pretty useful :p
<karolherbst>
yeah
<karolherbst>
not saying that I think it is fine, just I am not sure on this :)
<FLHerne>
well, you probably have easier access to lawyers than me ;-)
<karolherbst>
I guess so
<karolherbst>
just not sure if they even looked into this problem, but yeah...
<FLHerne>
Like I said, I'm fairly confident in my understanding because I spent some days going through the ICO guidance line-by-line and deleting stuff or changing systems to comply with it
<FLHerne>
but asking a lawyer would indeed be better if you have some
<karolherbst>
mhh
<FLHerne>
and I'm sure Red Hat have loads
<karolherbst>
maybe we should ask SPI?
<karolherbst>
I am sure they already looked into this problem
<karolherbst>
as I don't think any lawyer at RH really dealt with that.. or maybe for the gnome foundation or something...
<karolherbst>
but I suspect they have their own or so? dunno
<FLHerne>
Surely RH have their own websites and customer data and so on
<karolherbst>
ehh, GDPR in general yes, but public IRC channel logs?
<FLHerne>
*everyone* operating some kind of commercial website in Europe ought to be familiar with the GDPR by now, and therefore big corporations' lawyers should be
<karolherbst>
that's not my point though
<karolherbst>
they have to evaluate the situation against it and everything
<FLHerne>
well, if they know the rules they can decide what public IRC logs count as :p
<karolherbst>
I don't think it's that easy :p
<FLHerne>
Well, that's the downside of trying to ask lawyers then
<karolherbst>
I mean.. I can certainly ask, I just suspect that SPI already has the answer
<FLHerne>
Ask them, then?
<karolherbst>
mhh. ubunut has public logs
<FLHerne>
My opinion is still that you're overthinking it, and we should go ahead and make a reasonable effort to comply with the rules as read in a way that makes sense