<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>OGC folk,</p>
<p>You are mentioned in this OSGeo Board email discussion, and if
you have a spare moment to weigh in, then your comments would be
warmly welcomed.</p>
<p>Cheers, Cameron<br>
</p>
<div class="moz-forward-container"><br>
<br>
-------- Forwarded Message --------
<table class="moz-email-headers-table" cellspacing="0"
cellpadding="0" border="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject:
</th>
<td>Re: [Board] GPDR</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date: </th>
<td>Tue, 17 Jul 2018 20:55:45 +0200</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">From: </th>
<td>Arnulf Christl (aka Seven) <a class="moz-txt-link-rfc2396E" href="mailto:seven@arnulf.us"><seven@arnulf.us></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">To: </th>
<td><a class="moz-txt-link-abbreviated" href="mailto:board@lists.osgeo.org">board@lists.osgeo.org</a></td>
</tr>
</tbody>
</table>
<br>
<br>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<p>Thanks for the input Ben. It would be great, if you could help
with the wording of OSGeo's privacy statement. <br>
</p>
<p>From here on only ugly fine print...: <br>
</p>
<div class="moz-cite-prefix">Am 2018-07-17 um 19:46 schrieb Steven
Feldman:<br>
</div>
<blockquote type="cite"
cite="mid:91836600-EDC7-484A-9822-6A777F2F533C@gmail.com">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
I think they are compliant - you actively sign up to the lists
that you want to subscribe and you have an option to unsubscribe
or delete your account completely. <br>
</blockquote>
<br>
Yes. We do not really have to do anything at all, except: <br>
<br>
<blockquote type="cite"
cite="mid:91836600-EDC7-484A-9822-6A777F2F533C@gmail.com">
<div class="">We will need to check whether deleting an account
removes the email address etc. My view fwiw is that we have no
obligation to purge archived emails </div>
</blockquote>
<br>
Right. The only thing promoted by the new GDPR we do not and
cannot comply to is to enable "forgetting". It is not applicable
in our context because "<span style="font-size:14px;"><span
style="font-family:trebuchet ms,helvetica,sans-serif;">the
data no longer being relevant to original purposes for
processing</span></span>" does not apply because it is always
relevant for the original purpose. One of the principal goals of
OSGeo is to make processes and decisions transparent and protect
projects from patent infringement claims and similar (where there
is a ton of money and profits! Oh, add a few more !!! ). <br>
<br>
In case there is an ugly row about something and somebody says
something nasty and wants to withdraw this from the archives it
can happen. It has been done before. And in our community (so far)
it does not require legal steps and I'd totally promote that we
keep it that way. <br>
<br>
<blockquote type="cite"
cite="mid:91836600-EDC7-484A-9822-6A777F2F533C@gmail.com">
<div class="">but I think that should be made clear in our
privacy policy - which we need to write!</div>
</blockquote>
<br>
Exactly. <br>
<br>
In order to have code provenance, prior art and the like
transparent it is absolutely required to have all discussions and
processes and decisions on a topic transparent and archived. This
includes the personal data (email address and name as given by the
individual or known by the community) of the corresponding
individual providing input to a discussion. No privacy here, legal
requirements override personal data rights. Which we may have to
make clear in our subscription process and write down in our
privacy statement. Sort of along the lines of: "if you join you
give up your right to be forgotten because what we do really is
relevant from a legal aspect". <br>
<br>
In case someone from OGC is listening in - they know about this
stuff and we would be well advised to copy - erm - fork some of
their legalese. <br>
<br>
<blockquote type="cite"
cite="mid:91836600-EDC7-484A-9822-6A777F2F533C@gmail.com">
<div class="">Do you fancy getting involved to help get this
done?<br class="">
</div>
</blockquote>
<br>
Haha, good try but actually no. Because it is spam wrapped in a
pita. But yes, someone will have to do it. <br>
<br>
The good news is: Nobody will want to sue OSGeo because it is
totally not sexy to sue not-for-profits plus there is no profit,
hence the name, right? :-) Trouble is, eventually Nobody may come
round. <br>
<br>
So my take is: Keep it cool but get it done. <br>
<br>
<br>
Thanks, <br>
Arnulf<br>
<br>
PS:<br>
In case this is still open by then end of October (busy in other
realms until then) I am happy to connect with the OGC and also
help with some "resistance is futile, we will assimilate you"
wording. <br>
<br>
Cheers, <br>
Seven <br>
<br>
<br>
<blockquote type="cite"
cite="mid:91836600-EDC7-484A-9822-6A777F2F533C@gmail.com">
<div class="">
<div class=""> <span class="Apple-style-span"
style="border-collapse: separate; color: rgb(0, 0, 0);
font-family: Helvetica; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal;
line-height: normal; orphans: 2; text-align: -webkit-auto;
text-indent: 0px; text-transform: none; white-space:
normal; widows: 2; word-spacing: 0px;
-webkit-border-horizontal-spacing: 0px;
-webkit-border-vertical-spacing: 0px;
-webkit-text-decorations-in-effect: none;
-webkit-text-size-adjust: auto; -webkit-text-stroke-width:
0px; ">______<br class="">
Steven<br class="">
<br class="">
</span> </div>
<div><br class="">
<blockquote type="cite" class="">
<div class="">On 16 Jul 2018, at 10:39, Ben Caradoc-Davies
<<a href="mailto:ben@transient.nz" class=""
moz-do-not-send="true">ben@transient.nz</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div class="">What about email archives? They are not
self-service.<br class="">
<br class="">
Do we have an obligation to purge archived emails or
correct names or email addresses in archives on
requests?<br class="">
<br class="">
Do we have an obligation to report all personal
information held by OSGeo on request? Should OSGeo
have a procedure for handling such requests?<br
class="">
<br class="">
Kind regards,<br class="">
Ben.<br class="">
<br class="">
On 16/07/18 18:00, Jody Garnett wrote:<br class="">
<blockquote type="cite" class="">Advice would be very
much appreciated.<br class="">
My own preference is to be clear that OSGeo is
largely self-serve, and if<br class="">
we document steps to sign up for something we also
document the steps to<br class="">
un-sign up for something.<br class="">
I think OSGeo has one mail chimp account used by
marketing and geoforall -<br class="">
but it am not sure how heavily it is used?<br
class="">
--<br class="">
Jody Garnett<br class="">
On Sat, 14 Jul 2018 at 10:16, stevenfeldman <<a
href="mailto:shfeldman@gmail.com" class=""
moz-do-not-send="true">shfeldman@gmail.com</a>>
wrote:<br class="">
<blockquote type="cite" class="">Jody<br class="">
<br class="">
I think the Board needs to take a more proactive
approach to GDPR. This is<br class="">
quite significant legislation and we should ensure
that we have taken<br class="">
"reasonable steps" to audit our personal data
holdings and ensure we have<br class="">
compliant processes.<br class="">
<br class="">
The UK Information Commissioner's Office has a
good intro to GDPR at<br class="">
<br class="">
<a
href="https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/"
class="" moz-do-not-send="true">https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/</a><br
class="">
and a simple checklist tool at<br class="">
<br class="">
<a class="moz-txt-link-freetext"
href="https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/"
moz-do-not-send="true">https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/</a><br
class="">
(each EU country will have similar info but this
is in English)<br class="">
<br class="">
MailChimp has good tools for getting mail-list
approval and providing<br class="">
unsubscribe options. Do we have an OSGeo account
or is usage less formal<br class="">
across the regions?<br class="">
<br class="">
I'm sure several of our EU members have already
worked through GDPR with<br class="">
their organisations and could provide advice<br
class="">
<br class="">
Cheers<br class="">
<br class="">
Steven<br class="">
<br class="">
<br class="">
<br class="">
--<br class="">
Sent from: <a class="moz-txt-link-freetext"
href="http://osgeo-org.1560.x6.nabble.com/OSGeo-Board-f3713809.html"
moz-do-not-send="true">http://osgeo-org.1560.x6.nabble.com/OSGeo-Board-f3713809.html</a><br
class="">
_______________________________________________<br
class="">
Board mailing list<br class="">
<a class="moz-txt-link-abbreviated"
href="mailto:Board@lists.osgeo.org"
moz-do-not-send="true">Board@lists.osgeo.org</a><br
class="">
<a class="moz-txt-link-freetext"
href="https://lists.osgeo.org/mailman/listinfo/board"
moz-do-not-send="true">https://lists.osgeo.org/mailman/listinfo/board</a><br
class="">
</blockquote>
_______________________________________________<br
class="">
Board mailing list<br class="">
<a href="mailto:Board@lists.osgeo.org" class=""
moz-do-not-send="true">Board@lists.osgeo.org</a><br
class="">
<a class="moz-txt-link-freetext"
href="https://lists.osgeo.org/mailman/listinfo/board"
moz-do-not-send="true">https://lists.osgeo.org/mailman/listinfo/board</a><br
class="">
</blockquote>
<br class="">
-- <br class="">
Ben Caradoc-Davies <<a
href="mailto:ben@transient.nz" class=""
moz-do-not-send="true">ben@transient.nz</a>><br
class="">
Director<br class="">
Transient Software Limited <<a
href="https://transient.nz/" class=""
moz-do-not-send="true">https://transient.nz/</a>><br
class="">
New Zealand<br class="">
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Board mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Board@lists.osgeo.org" moz-do-not-send="true">Board@lists.osgeo.org</a>
<a class="moz-txt-link-freetext" href="https://lists.osgeo.org/mailman/listinfo/board" moz-do-not-send="true">https://lists.osgeo.org/mailman/listinfo/board</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
<a class="moz-txt-link-freetext" href="http://arnulf.us" moz-do-not-send="true">http://arnulf.us</a>
drwxrw-r--</pre>
</div>
</body>
</html>