[OSGeo-Standards] [Board] Fwd: Re: GPDR

Sat Jul 21 15:12:19 PDT 2018

Thanks Scott,

So this appears to be the main OGC document:
http://www.opengeospatial.org/ogc/policies/privacy

This goes a bit beyond what we do at OSGeo, as OGC has a more complicated
relationship with members and customers.
--
Jody Garnett

On Wed, 18 Jul 2018 at 08:27, Scott Simmons <ssimmons at opengeospatial.org>
wrote:

> Dear OSGeo interested parties,
>
> Feel free to borrow any GDPR content you find on OGC public resources (as
> you can do from other organizations as well). OGC and OSGeo do operate a
> little differently, so our GDPR actions may not be completely applicable to
> OSGeo and OGC most certainly is not an expert on GPDR topics.
>
> Best Regards,
> Scott
>
> Scott Simmons
> Executive Director, Standards Program
> Open Geospatial Consortium (OGC)
> tel +1 970 682 1922
> mob +1 970 214 9467
> ssimmons at opengeospatial.org
>
> The OGC: Making Location Count…
> www.opengeospatial.org
>
> On Jul 17, 2018, at 1:36 PM, Cameron Shorter <cameron.shorter at gmail.com>
> wrote:
>
> OGC folk,
>
> You are mentioned in this OSGeo Board email discussion, and if you have a
> spare moment to weigh in, then your comments would be warmly welcomed.
>
> Cheers, Cameron
>
>
> -------- Forwarded Message --------
> Subject: Re: [Board] GPDR
> Date: Tue, 17 Jul 2018 20:55:45 +0200
> From: Arnulf Christl (aka Seven) <seven at arnulf.us> <seven at arnulf.us>
> To: board at lists.osgeo.org
>
> Thanks for the input Ben. It would be great, if you could help with the
> wording of OSGeo's privacy statement.
>
> From here on only ugly fine print...:
> Am 2018-07-17 um 19:46 schrieb Steven Feldman:
>
> I think they are compliant - you actively sign up to the lists that you
> want to subscribe and you have an option to unsubscribe or delete your
> account completely.
>
>
> Yes. We do not really have to do anything at all, except:
>
> We will need to check whether deleting an account removes the email
> address etc. My view fwiw is that we have no obligation to purge archived
> emails
>
>
> Right. The only thing promoted by the new GDPR we do not and cannot comply
> to is to enable "forgetting". It is not applicable in our context because "the
> data no longer being relevant to original purposes for processing" does
> not apply because it is always relevant for the original purpose. One of
> the principal goals of OSGeo is to make processes and decisions transparent
> and protect projects from patent infringement claims and similar (where
> there is a ton of money and profits! Oh, add a few more !!! ).
>
> In case there is an ugly row about something and somebody says something
> nasty and wants to withdraw this from the archives it can happen. It has
> been done before. And in our community (so far) it does not require legal
> steps and I'd totally promote that we keep it that way.
>
> but I think that should be made clear in our privacy policy - which we
> need to write!
>
>
> Exactly.
>
> In order to have code provenance, prior art and the like transparent it is
> absolutely required to have all discussions and processes and decisions on
> a topic transparent and archived. This includes the personal data (email
> address and name as given by the individual or known by the community) of
> the corresponding individual providing input to a discussion. No privacy
> here, legal requirements override personal data rights. Which we may have
> to make clear in our subscription process and write down in our privacy
> statement. Sort of along the lines of: "if you join you give up your right
> to be forgotten because what we do really is relevant from a legal aspect".
>
>
> In case someone from OGC is listening in - they know about this stuff and
> we would be well advised to copy - erm - fork some of their legalese.
>
> Do you fancy getting involved to help get this done?
>
>
> Haha, good try but actually no. Because it is spam wrapped in a pita. But
> yes, someone will have to do it.
>
> The good news is: Nobody will want to sue OSGeo because it is totally not
> sexy to sue not-for-profits plus there is no profit, hence the name, right?
> :-) Trouble is, eventually Nobody may come round.
>
> So my take is: Keep it cool but get it done.
>
>
> Thanks,
> Arnulf
>
> PS:
> In case this is still open by then end of October (busy in other realms
> until then) I am happy to connect with the OGC and also help with some
> "resistance is futile, we will assimilate you" wording.
>
> Cheers,
> Seven
>
>
> ______
> Steven
>
>
> On 16 Jul 2018, at 10:39, Ben Caradoc-Davies <ben at transient.nz> wrote:
>
> What about email archives? They are not self-service.
>
> Do we have an obligation to purge archived emails or correct names or
> email addresses in archives on requests?
>
> Do we have an obligation to report all personal information held by OSGeo
> on request? Should OSGeo have a procedure for handling such requests?
>
> Kind regards,
> Ben.
>
> On 16/07/18 18:00, Jody Garnett wrote:
>
> Advice would be very much appreciated.
> My own preference is to be clear that OSGeo is largely self-serve, and if
> we document steps to sign up for something we also document the steps to
> un-sign up for something.
> I think OSGeo has one mail chimp account used by marketing and geoforall -
> but it am not sure how heavily it is used?
> --
> Jody Garnett
> On Sat, 14 Jul 2018 at 10:16, stevenfeldman <shfeldman at gmail.com> wrote:
>
> Jody
>
> I think the Board needs to take a more proactive approach to GDPR. This is
> quite significant legislation and we should ensure that we have taken
> "reasonable steps" to audit our personal data holdings and ensure we have
> compliant processes.
>
> The UK Information Commissioner's Office has a good intro to GDPR at
>
>
> https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
> and a simple checklist tool at
>
>
> https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/
> (each EU country will have similar info but this is in English)
>
> MailChimp has good tools for getting mail-list approval and providing
> unsubscribe options. Do we have an OSGeo account or is usage less formal
> across the regions?
>
> I'm sure several of our EU members have already worked through GDPR with
> their organisations and could provide advice
>
> Cheers
>
> Steven
>
>
>
> --
> Sent from: http://osgeo-org.1560.x6.nabble.com/OSGeo-Board-f3713809.html
> _______________________________________________
> Board mailing list
> Board at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/board
>
> _______________________________________________
> Board mailing list
> Board at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/board
>
>
> --
> Ben Caradoc-Davies <ben at transient.nz>
> Director
> Transient Software Limited <https://transient.nz/>
> New Zealand
>
>
>
>
> _______________________________________________
> Board mailing listBoard at lists.osgeo.orghttps://lists.osgeo.org/mailman/listinfo/board
>
>
> -- http://arnulf.us
> drwxrw-r--
>
> <Attached Message Part.txt>_______________________________________________
> Standards mailing list
> Standards at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/standards
>
>
> _______________________________________________
> Board mailing list
> Board at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/standards/attachments/20180721/fa2148e1/attachment.html>