<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>> I agree that exposing sensitive data would be problematic
but sharing the username does not seem to be something too
private. Your full name for example also appears in this mailing
list or as part of your twitter account. So under which
circumstances would it be problematic if your name would be
written to a QGIS project file?</p>
<p><br>
</p>
<p>Not a lawyer, but I have an interest in the GDPR. Basically, this
qualifies as "personal information"
(<a class="moz-txt-link-freetext" href="https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/what-is-personal-data/what-is-personal-data/">https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/what-is-personal-data/what-is-personal-data/</a>):
<br>
</p>
<p>“‘personal data’ means any information relating to an identified
or identifiable natural person (‘data subject’); an identifiable
natural person is one who can be identified, directly or
indirectly, in particular by reference to an identifier such as a
name, an identification number, location data, an online
identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or social
identity of that natural person”.<br>
</p>
<p>Especially as some user names will be the users actual name.
Which means it falls under the GDPR.<br>
</p>
<p>This in turn means there's a whole bunch of other GDPR related
requirements that have to be met when handling any file that has
that data in:
<a class="moz-txt-link-freetext" href="https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/">https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/</a>
- and I suppose that also means you have to ensure that anyone who
receives that file is also GDPR compliant and treats the file in
accordance with it. And of course you can't be sharing it randomly
with the public.<br>
</p>
<p><b>TL;DR: include absolutely no personal data by default anywhere
in any files.</b><br>
</p>
<p>(And to address Thomas' point: The reason you can do it on
mailing lists is because by posting here we're explicitly
consenting to it. It's understood that that'll happen. 99% of
users won't know their username is in a file that's shared so
there's no basis for consent.)</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 2021-03-23 20:05, Thomas B wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAD3koGn1pjP2CpMT-wavLuFFQpZmTqK+S134N2TN08SvcXcJ+Q@mail.gmail.com">
<div dir="ltr">
<div>Hi Matteo,</div>
<div>can you give an example when exposing the username could be
problematic?<br>
<br>
</div>
<div>As far as I know other common programs like Word, Excel and
so on also add your full name as author to the metadata of
every Word- or Excel file you create.</div>
<div>I think this is something very useful if you work with
others within one company. If you send these files to someone
else and want to get rid of these metadata you can delete this
metadata information.</div>
<div><br>
</div>
<div>I agree that exposing sensitive data would be problematic
but sharing the username does not seem to be something too
private. Your full name for example also appears in this
mailing list or as part of your twitter account. So under
which circumstances would it be problematic if your name would
be written to a QGIS project file?</div>
<div><br>
</div>
<div>regards,</div>
<div>Thomas<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">Am Di., 23. März 2021 um
09:01 Uhr schrieb matteo <<a
href="mailto:matteo.ghetta@gmail.com" moz-do-not-send="true">matteo.ghetta@gmail.com</a>>:<br>
</div>
<blockquote class="gmail_quote">Hi devs,<br>
<br>
in the Italian QGIS Group we had a discussion on privacy
"issues" <br>
related to the exposure of some Global Variables, like
"user_full_name", <br>
that is automatically taken from the client.<br>
<br>
Maybe some variable should be opt-in rather then opt-out:
sharing a <br>
project between different computers/users can expose the user
name <br>
without an explicit agreement of the final user.<br>
<br>
What is your opinion on this?<br>
<br>
Cheers<br>
<br>
Matteo<br>
_______________________________________________<br>
QGIS-Developer mailing list<br>
<a href="mailto:QGIS-Developer@lists.osgeo.org"
target="_blank" moz-do-not-send="true">QGIS-Developer@lists.osgeo.org</a><br>
List info: <a
href="https://lists.osgeo.org/mailman/listinfo/qgis-developer"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.osgeo.org/mailman/listinfo/qgis-developer</a><br>
Unsubscribe: <a
href="https://lists.osgeo.org/mailman/listinfo/qgis-developer"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.osgeo.org/mailman/listinfo/qgis-developer</a><br>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
QGIS-Developer mailing list
<a class="moz-txt-link-abbreviated" href="mailto:QGIS-Developer@lists.osgeo.org">QGIS-Developer@lists.osgeo.org</a>
List info: <a class="moz-txt-link-freetext" href="https://lists.osgeo.org/mailman/listinfo/qgis-developer">https://lists.osgeo.org/mailman/listinfo/qgis-developer</a>
Unsubscribe: <a class="moz-txt-link-freetext" href="https://lists.osgeo.org/mailman/listinfo/qgis-developer">https://lists.osgeo.org/mailman/listinfo/qgis-developer</a>
</pre>
</blockquote>
</body>
</html>