<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Thanks for the input Ben. It would be great, if you could help
with the wording of OSGeo's privacy statement. <br>
</p>
<p>From here on only ugly fine print...: <br>
</p>
<div class="moz-cite-prefix">Am 2018-07-17 um 19:46 schrieb Steven
Feldman:<br>
</div>
<blockquote type="cite"
cite="mid:91836600-EDC7-484A-9822-6A777F2F533C@gmail.com">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
I think they are compliant - you actively sign up to the lists
that you want to subscribe and you have an option to unsubscribe
or delete your account completely. <br>
</blockquote>
<br>
Yes. We do not really have to do anything at all, except: <br>
<br>
<blockquote type="cite"
cite="mid:91836600-EDC7-484A-9822-6A777F2F533C@gmail.com">
<div class="">We will need to check whether deleting an account
removes the email address etc. My view fwiw is that we have no
obligation to purge archived emails </div>
</blockquote>
<br>
Right. The only thing promoted by the new GDPR we do not and cannot
comply to is to enable "forgetting". It is not applicable in our
context because "<span style="font-size:14px;"><span
style="font-family:trebuchet ms,helvetica,sans-serif;">the data
no longer being relevant to original purposes for processing</span></span>"
does not apply because it is always relevant for the original
purpose. One of the principal goals of OSGeo is to make processes
and decisions transparent and protect projects from patent
infringement claims and similar (where there is a ton of money and
profits! Oh, add a few more !!! ). <br>
<br>
In case there is an ugly row about something and somebody says
something nasty and wants to withdraw this from the archives it can
happen. It has been done before. And in our community (so far) it
does not require legal steps and I'd totally promote that we keep it
that way. <br>
<br>
<blockquote type="cite"
cite="mid:91836600-EDC7-484A-9822-6A777F2F533C@gmail.com">
<div class="">but I think that should be made clear in our privacy
policy - which we need to write!</div>
</blockquote>
<br>
Exactly. <br>
<br>
In order to have code provenance, prior art and the like transparent
it is absolutely required to have all discussions and processes and
decisions on a topic transparent and archived. This includes the
personal data (email address and name as given by the individual or
known by the community) of the corresponding individual providing
input to a discussion. No privacy here, legal requirements override
personal data rights. Which we may have to make clear in our
subscription process and write down in our privacy statement. Sort
of along the lines of: "if you join you give up your right to be
forgotten because what we do really is relevant from a legal
aspect". <br>
<br>
In case someone from OGC is listening in - they know about this
stuff and we would be well advised to copy - erm - fork some of
their legalese. <br>
<br>
<blockquote type="cite"
cite="mid:91836600-EDC7-484A-9822-6A777F2F533C@gmail.com">
<div class="">Do you fancy getting involved to help get this done?<br
class="">
</div>
</blockquote>
<br>
Haha, good try but actually no. Because it is spam wrapped in a
pita. But yes, someone will have to do it. <br>
<br>
The good news is: Nobody will want to sue OSGeo because it is
totally not sexy to sue not-for-profits plus there is no profit,
hence the name, right? :-) Trouble is, eventually Nobody may come
round. <br>
<br>
So my take is: Keep it cool but get it done. <br>
<br>
<br>
Thanks, <br>
Arnulf<br>
<br>
PS:<br>
In case this is still open by then end of October (busy in other
realms until then) I am happy to connect with the OGC and also help
with some "resistance is futile, we will assimilate you" wording. <br>
<br>
Cheers, <br>
Seven <br>
<br>
<br>
<blockquote type="cite"
cite="mid:91836600-EDC7-484A-9822-6A777F2F533C@gmail.com">
<div class="">
<div class="">
<span class="Apple-style-span" style="border-collapse:
separate; color: rgb(0, 0, 0); font-family: Helvetica;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: 2; text-align: -webkit-auto; text-indent: 0px;
text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px; -webkit-border-horizontal-spacing: 0px;
-webkit-border-vertical-spacing: 0px;
-webkit-text-decorations-in-effect: none;
-webkit-text-size-adjust: auto; -webkit-text-stroke-width:
0px; ">______<br class="">
Steven<br class="">
<br class="">
</span>
</div>
<div><br class="">
<blockquote type="cite" class="">
<div class="">On 16 Jul 2018, at 10:39, Ben Caradoc-Davies
<<a href="mailto:ben@transient.nz" class=""
moz-do-not-send="true">ben@transient.nz</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div class="">What about email archives? They are not
self-service.<br class="">
<br class="">
Do we have an obligation to purge archived emails or
correct names or email addresses in archives on
requests?<br class="">
<br class="">
Do we have an obligation to report all personal
information held by OSGeo on request? Should OSGeo have
a procedure for handling such requests?<br class="">
<br class="">
Kind regards,<br class="">
Ben.<br class="">
<br class="">
On 16/07/18 18:00, Jody Garnett wrote:<br class="">
<blockquote type="cite" class="">Advice would be very
much appreciated.<br class="">
My own preference is to be clear that OSGeo is largely
self-serve, and if<br class="">
we document steps to sign up for something we also
document the steps to<br class="">
un-sign up for something.<br class="">
I think OSGeo has one mail chimp account used by
marketing and geoforall -<br class="">
but it am not sure how heavily it is used?<br class="">
--<br class="">
Jody Garnett<br class="">
On Sat, 14 Jul 2018 at 10:16, stevenfeldman <<a
href="mailto:shfeldman@gmail.com" class=""
moz-do-not-send="true">shfeldman@gmail.com</a>>
wrote:<br class="">
<blockquote type="cite" class="">Jody<br class="">
<br class="">
I think the Board needs to take a more proactive
approach to GDPR. This is<br class="">
quite significant legislation and we should ensure
that we have taken<br class="">
"reasonable steps" to audit our personal data
holdings and ensure we have<br class="">
compliant processes.<br class="">
<br class="">
The UK Information Commissioner's Office has a good
intro to GDPR at<br class="">
<br class="">
<a
href="https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/"
class="" moz-do-not-send="true">https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/</a><br
class="">
and a simple checklist tool at<br class="">
<br class="">
<a class="moz-txt-link-freetext" href="https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/">https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/</a><br
class="">
(each EU country will have similar info but this is
in English)<br class="">
<br class="">
MailChimp has good tools for getting mail-list
approval and providing<br class="">
unsubscribe options. Do we have an OSGeo account or
is usage less formal<br class="">
across the regions?<br class="">
<br class="">
I'm sure several of our EU members have already
worked through GDPR with<br class="">
their organisations and could provide advice<br
class="">
<br class="">
Cheers<br class="">
<br class="">
Steven<br class="">
<br class="">
<br class="">
<br class="">
--<br class="">
Sent from:
<a class="moz-txt-link-freetext" href="http://osgeo-org.1560.x6.nabble.com/OSGeo-Board-f3713809.html">http://osgeo-org.1560.x6.nabble.com/OSGeo-Board-f3713809.html</a><br
class="">
_______________________________________________<br
class="">
Board mailing list<br class="">
<a class="moz-txt-link-abbreviated" href="mailto:Board@lists.osgeo.org">Board@lists.osgeo.org</a><br class="">
<a class="moz-txt-link-freetext" href="https://lists.osgeo.org/mailman/listinfo/board">https://lists.osgeo.org/mailman/listinfo/board</a><br
class="">
</blockquote>
_______________________________________________<br
class="">
Board mailing list<br class="">
<a href="mailto:Board@lists.osgeo.org" class=""
moz-do-not-send="true">Board@lists.osgeo.org</a><br
class="">
<a class="moz-txt-link-freetext" href="https://lists.osgeo.org/mailman/listinfo/board">https://lists.osgeo.org/mailman/listinfo/board</a><br
class="">
</blockquote>
<br class="">
-- <br class="">
Ben Caradoc-Davies <<a href="mailto:ben@transient.nz"
class="" moz-do-not-send="true">ben@transient.nz</a>><br
class="">
Director<br class="">
Transient Software Limited <<a
href="https://transient.nz/" class=""
moz-do-not-send="true">https://transient.nz/</a>><br
class="">
New Zealand<br class="">
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Board mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Board@lists.osgeo.org">Board@lists.osgeo.org</a>
<a class="moz-txt-link-freetext" href="https://lists.osgeo.org/mailman/listinfo/board">https://lists.osgeo.org/mailman/listinfo/board</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
<a class="moz-txt-link-freetext" href="http://arnulf.us">http://arnulf.us</a>
drwxrw-r--</pre>
</body>
</html>