Hi Adrian, On Thu, Mar 31, 2022 at 1:24 PM Adrian Bunk <b...@debian.org> wrote: > > The discussion starting in [1] is about privacy in Debian with a focus > on the GDPR of the European Union. > > There seems to be a general agreement that privacy in Debian falls > short of the legal minimum requirements at least in the EU. > > Even the exact scope of the problem is not clear. > > Question to all candidates: > > If elected, will you ask our Data Protection team and our GDPR lawyer to > jointly do a review of all handling of personal data in Debian regarding > GDPR compliance, and make the results of the review available to all > developers?
Yes. The release of any findings may be redacted, or may be a summary. Recipients may be required to sign a confidentiality agreement coupled with an indemnity in the event of a breach, and a release of claims, or both. In all cases, I reserve the right to act on the advice of counsel—but with an explanation to you. I will treat you the same way that I would wish to be treated if our roles were reversed. I am committed to transparency when possible. Kind regards, Felix Lechner
