Hi all, During the last "XSF & GDPR" meeting (minutes pending), we were discussing HTTP Upload.
As it turns out, several implementations are making it not trivial for operators to be GDPR compliant. One of the things definitely necessary (as far as our understanding goes) is that users must be able to have their data deleted in a reasonable timeframe; it must also be possible to create a bundle of all data the service currently has from the user. Some implementations do not allow this. I have prepared [PR #625] which adds wording to inform implementations about these requirements. In addition, it would be useful if users could delete files they uploaded themselves. This is rather optional (which is why I made separate PRs), since services are likely to auto-expire files anyways. I can however see use-cases where a user wants a file deleted immediately, and this saves the interaction with the operator. I prepared [PR #624] for this. I’d like to hear your (especially Daniels) opinions on this. kind regards, Jonas [PR #625]: https://github.com/xsf/xeps/pull/625 [PR #624]: https://github.com/xsf/xeps/pull/624
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org _______________________________________________
